[Solved] Trojan horse and spyware/Windows security alerts etc...

26 January 2008 13:33:03

Hello, I have just bought a new computer and already I am infested with a Trojan horse (maybe several) as well as 2 spyware alerts (the yellow triangle and the cross on a red circle).
The suspicious program is named: Win32:Alphabet-P [Trj]
I think there are others.
Avast does not solve anything, nor do the 2 other programs I have (Ad-Aware and Spybot Search & Destroy).
I also have the problem with the round.starsdoors ad, or something like that; apparently I am not the only one, from what I have read while browsing the forum...

I saw that a HijackThis report should be posted, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:03, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\TEMP\win1DD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6750EF42-09E0-4238-B283-20F4E1697A85} - C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\urqrpml.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwon.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1DD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: urqrpml - C:\WINDOWS\SYSTEM32\urqrpml.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5968 bytes

There you go. Obviously, I don't understand any of it, that would be too easy ^^

26 January 2008 14:08:03

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may run into a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
    26 January 2008 20:14:38

    There, it's done, here are the new reports :)

    vundofix:


    VundoFix V6.7.7

    Checking Java version...

    Sun Java not detected
    Scan started at 19:56:44 26/01/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\byxyxyx.dll
    C:\WINDOWS\system32\khfffdd.dll
    C:\WINDOWS\system32\qomnnmj.dll
    C:\WINDOWS\system32\tuvwxuv.dll
    C:\WINDOWS\system32\urqrpml.dll
    C:\WINDOWS\system32\winjjq32.dll
    C:\WINDOWS\system32\winjks32.dll
    C:\WINDOWS\system32\winopn32.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\byxyxyx.dll
    C:\WINDOWS\system32\byxyxyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfffdd.dll
    C:\WINDOWS\system32\khfffdd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomnnmj.dll
    C:\WINDOWS\system32\qomnnmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvwxuv.dll
    C:\WINDOWS\system32\tuvwxuv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqrpml.dll
    C:\WINDOWS\system32\urqrpml.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\winjjq32.dll
    C:\WINDOWS\system32\winjjq32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winjks32.dll
    C:\WINDOWS\system32\winjks32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winopn32.dll
    C:\WINDOWS\system32\winopn32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqrpml.dll
    C:\WINDOWS\system32\urqrpml.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:14:34, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\TEMP\win1DD.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6750EF42-09E0-4238-B283-20F4E1697A85} - C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\urqrpml.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwon.dll,startup
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1DD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5921 bytes


    27 January 2008 19:13:16

    Hello again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    27 January 2008 20:47:24

    Here is the combofix report:

    ComboFix 08-01-23.1C - Propriétaire 2008-01-27 20:41:20.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.609 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Bureau\Find Spyware Remover.lnk
    C:\Documents and Settings\Propriétaire\Bureau\Free Online Dating.lnk
    C:\Documents and Settings\Propriétaire\Bureau\Go to Casino.lnk
    C:\Program Files\Helper
    C:\Program Files\Helper\Helper10.dll
    C:\Program Files\lsass.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\smss.exe
    C:\Program Files\spoolsv.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M2910NetInstaller.exe
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\urqrpml.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
    2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
    2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
    2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
    2008-01-25 21:18 . 2008-01-25 21:18 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\AntivirusFiable
    2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-25 21:18 . 2008-01-25 21:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
    2008-01-25 21:15 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\uwcee9
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\WINDOWS\system32\nGpxx01
    2008-01-25 21:14 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\aee1
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\gTiis19
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\cXzz9
    2008-01-25 21:14 . 2008-01-27 20:42 <REP> d-------- C:\Temp
    2008-01-25 21:14 . 2008-01-25 21:14 224,758 --a------ C:\Temp\hKKsb1910.exe
    2008-01-25 21:14 . 2008-01-25 21:14 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-25 20:31 . 2008-01-27 20:43 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
    2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-18 15:02 . 2008-01-18 15:02 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
    2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
    2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-18 17:11 --------- d-----w C:\Program Files\S3
    2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
    2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
    2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
    2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-18 14:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
    C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-25 21:18 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
    "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
    R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
    S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys [2008-01-18 18:32]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-27 20:43:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\system32\drvwon.dll
    .
    Temps d'accomplissement: 2008-01-27 20:45:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-27 19:44:41
    .
    2008-01-26 19:19:01 --- E O F ---
    27 January 2008 20:55:00

    Ah, look, I restarted Avast and the infected-file alerts no longer appear...
    The Windows alerts and spyware alerts are still there, though...
    That's encouraging ^^ thanks!
    27 January 2008 22:41:15

    Let's continue :)

    Download MSNFix.zip (!aur3n7) to your Desktop.
    Unzip it on your Desktop (right-click / Extract All).

    Open the MSNFix folder, then double-click MSNFix.bat.
    - Run option R.
    -- If the infection is detected, press a key to start the cleanup.

    If a deletion error is detected, a message will appear asking you to restart the computer in order to complete the operations.
    In that case, simply restart the computer manually.

    Post the report located in the MSNFix folder.
    The report's name corresponds to the moment it was created: date_time.log
    28 January 2008 20:22:16


    C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix
    Fix exécuté le 28/01/2008 - 20:14:55,54 By Propriétaire
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    ... C:\WINDOWS\mrofinu*.exe.tmp

    ************************ Recherche les dossiers présents

    ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\
    ... C:\Program Files\Dot1XCfg\
    ... C:\Temp\




    ************************ Suppression des fichiers

    .. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe.tmp


    ************************ Suppression des dossiers

    /!\ ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\
    .. OK ... C:\Program Files\Dot1XCfg\
    /!\ ... C:\Temp\


    ************************ Nettoyage du registre



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28012008_20154296.zip


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    28 January 2008 20:26:25

    Run another Combofix scan.
    28 January 2008 20:47:33

    Here it is:

    ComboFix 08-01-23.1C - Propriétaire 2008-01-28 20:38:38.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.635 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
    2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
    2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
    2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\AntivirusFiable
    2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-25 21:18 . 2008-01-25 21:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
    2008-01-25 21:15 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\uwcee9
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\WINDOWS\system32\nGpxx01
    2008-01-25 21:14 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\aee1
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\gTiis19
    2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\cXzz9
    2008-01-25 21:14 . 2008-01-27 20:42 <REP> d-------- C:\Temp
    2008-01-25 21:14 . 2008-01-25 21:14 224,758 --a------ C:\Temp\hKKsb1910.exe
    2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-25 20:31 . 2008-01-28 20:11 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
    2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-18 15:02 . 2008-01-28 11:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
    2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 10:20 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
    2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-18 17:11 --------- d-----w C:\Program Files\S3
    2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
    2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
    2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
    2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-27_20.44.28.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-28 18:28:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_538.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
    C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
    "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
    R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
    S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-28 20:39:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...c

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-28 20:40:03
    ComboFix-quarantined-files.txt 2008-01-28 19:39:42
    ComboFix2.txt 2008-01-27 19:45:19
    .
    2008-01-26 19:19:01 --- E O F ---
    28 January 2008 21:17:51

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\g2078000.exe
    C:\WINDOWS\system32\drvwon.dll
    C:\WINDOWS\17PHolmes572.exe
    C:\Temp\hKKsb1910.exe

    Folder::
    C:\Program Files\AntivirusFiable
    C:\WINDOWS\system32\uwcee9
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\aee1
    C:\Temp\gTiis19
    C:\Temp\cXzz9

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSDisp32"=-


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    This will restart Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
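
A follow-up check for the CFScript procedure above, added here as an example and not part of the original posts or of ComboFix: it parses the script's File::, Folder:: and Registry:: sections and confirms that none of the targets still shows up in a later report. The function names and the shortened report excerpts are assumptions built from lines in this thread, and the "related" match on a shared file or folder name is only a heuristic.

```python
import re
from ntpath import basename

# The script from the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\g2078000.exe
C:\WINDOWS\system32\drvwon.dll
C:\WINDOWS\17PHolmes572.exe
C:\Temp\hKKsb1910.exe

Folder::
C:\Program Files\AntivirusFiable
C:\WINDOWS\system32\uwcee9
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\aee1
C:\Temp\gTiis19
C:\Temp\cXzz9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-
"""

# Constructed excerpts: a few lines taken from the reports in this thread.
REPORT_BEFORE = r"""
2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\AntivirusFiable
2008-01-25 21:15 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\uwcee9
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]
"""
REPORT_AFTER = r"""
(((( Autres suppressions ))))
C:\Program Files\AntivirusFiable\pgs.exe
C:\WINDOWS\system32\drvwon.dll
(((( Fichiers créés ))))
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
2008-01-25 21:14 . 2008-01-29 13:15 <REP> d-------- C:\Temp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"""

# A file-listing row: two timestamps, a size or <REP>, attributes, then the path.
# Bare paths (the deletion sections) do not match, so removed items are not
# mistaken for items that are still on disk.
LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                     r"\s+(?:<REP>|[\d,]+)\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
KEY = re.compile(r"^\[(?P<del>-?)(?P<key>HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_cfscript(text):
    """Collect the paths, registry keys and registry values the script removes."""
    want = {"paths": set(), "keys": set(), "values": set()}
    section, key = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section in ("file", "folder"):
            want["paths"].add(line.lower())
        elif section == "registry":
            k, v = KEY.match(line), VALUE.match(line)
            if k and k["del"]:            # [-KEY] deletes the whole key
                want["keys"].add(k["key"].lower())
                key = None
            elif k:                       # [KEY] only sets the context
                key = k["key"].lower()
            elif v and key and v["data"] == "-":   # "name"=- deletes a value
                want["values"].add((key, v["name"].lower()))
    return want

def parse_report(text):
    """Collect what a report still lists: files/folders, keys, autostart values."""
    seen = {"paths": set(), "keys": set(), "values": set()}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        row, k, v = LISTING.match(line), KEY.match(line), VALUE.match(line)
        if row:
            seen["paths"].add(row["path"].lower())
        elif k:
            key = k["key"].lower()
            seen["keys"].add(key)
        elif v and key:
            seen["values"].add((key, v["name"].lower()))
    return seen

def verify(script_text, report_text):
    """Return targets still present, plus untargeted paths sharing a target's name."""
    want, seen = parse_cfscript(script_text), parse_report(report_text)
    remaining = (sorted(want["paths"] & seen["paths"])
                 + sorted(want["keys"] & seen["keys"])
                 + sorted("%s -> %s" % kv for kv in want["values"] & seen["values"]))
    names = {basename(p) for p in want["paths"]}
    related = sorted(p for p in seen["paths"] - want["paths"] if basename(p) in names)
    return {"remaining": remaining, "related": related}

if __name__ == "__main__":
    for label, report in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(label, verify(CFSCRIPT, report))
```
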
    29 January 2008 13:19:10

    There, it's done, the combofix report:

    ComboFix 08-01-23.1C - Propriétaire 2008-01-29 13:14:49.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\Temp\hKKsb1910.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\g2078000.exe
    C:\WINDOWS\system32\drvwon.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AntivirusFiable
    C:\Program Files\AntivirusFiable\Activate.exe
    C:\Program Files\AntivirusFiable\al.dat
    C:\Program Files\AntivirusFiable\Config\pgs.xml
    C:\Program Files\AntivirusFiable\Dat\BkSites.dat
    C:\Program Files\AntivirusFiable\Dat\cd.dat
    C:\Program Files\AntivirusFiable\Dat\incmp.dat
    C:\Program Files\AntivirusFiable\Dat\index.dat
    C:\Program Files\AntivirusFiable\dhlp.dll
    C:\Program Files\AntivirusFiable\Engines\plugins\BORLNDMM.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANADWR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANBCDR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANDLDR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANDOS1.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANEMUL.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANFUNC.DLL
    C:\Program Files\AntivirusFiable\Graphics\cross.gif
    C:\Program Files\AntivirusFiable\Graphics\ga6p.gif
    C:\Program Files\AntivirusFiable\Graphics\main.ico
    C:\Program Files\AntivirusFiable\Graphics\mini.ico
    C:\Program Files\AntivirusFiable\Graphics\support.ico
    C:\Program Files\AntivirusFiable\Graphics\uninstall.ico
    C:\Program Files\AntivirusFiable\LA\License.rtf
    C:\Program Files\AntivirusFiable\pgs.exe
    C:\Program Files\AntivirusFiable\ptask.exe
    C:\Program Files\AntivirusFiable\reload.exe
    C:\Program Files\AntivirusFiable\scnkrnl.dll
    C:\Program Files\AntivirusFiable\sqlite3.dll
    C:\Program Files\AntivirusFiable\Tools\pblock.dll
    C:\Program Files\AntivirusFiable\Tools\sbiebho.dll
    C:\Program Files\AntivirusFiable\unins000.dat
    C:\Program Files\AntivirusFiable\unins000.exe
    C:\Program Files\AntivirusFiable\Up\gup.exe
    C:\Temp\cXzz9
    C:\Temp\gTiis19
    C:\Temp\gTiis19\lTig.log
    C:\Temp\hKKsb1910.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\g2078000.exe
    C:\WINDOWS\system32\aee1
    C:\WINDOWS\system32\drvwon.dll
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
    C:\WINDOWS\system32\uwcee9
    C:\WINDOWS\system32\uwcee9\renamd83122.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
    2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
    2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-25 21:14 . 2008-01-29 13:15 <REP> d-------- C:\Temp
    2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-25 20:31 . 2008-01-29 13:10 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
    2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-18 15:02 . 2008-01-28 11:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
    2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 10:20 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
    2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-18 17:11 --------- d-----w C:\Program Files\S3
    2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
    2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
    2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
    2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-27_20.44.28.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-29 12:14:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-29 12:14:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-27 19:41:11 1,286,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-29 12:14:38 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-27 19:41:11 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-29 12:14:38 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-29 12:08:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
    "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
    R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
    S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 13:15:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-29 13:16:30
    ComboFix-quarantined-files.txt 2008-01-29 12:16:11
    ComboFix2.txt 2008-01-28 19:40:03
    ComboFix3.txt 2008-01-27 19:45:19
    .
    2008-01-26 19:19:01 --- E O F ---

    and here is the Hijackthis:

    ComboFix 08-01-23.1C - Propriétaire 2008-01-29 13:14:49.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\Temp\hKKsb1910.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\g2078000.exe
    C:\WINDOWS\system32\drvwon.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AntivirusFiable
    C:\Program Files\AntivirusFiable\Activate.exe
    C:\Program Files\AntivirusFiable\al.dat
    C:\Program Files\AntivirusFiable\Config\pgs.xml
    C:\Program Files\AntivirusFiable\Dat\BkSites.dat
    C:\Program Files\AntivirusFiable\Dat\cd.dat
    C:\Program Files\AntivirusFiable\Dat\incmp.dat
    C:\Program Files\AntivirusFiable\Dat\index.dat
    C:\Program Files\AntivirusFiable\dhlp.dll
    C:\Program Files\AntivirusFiable\Engines\plugins\BORLNDMM.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANADWR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANBCDR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANDLDR.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANDOS1.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANEMUL.DLL
    C:\Program Files\AntivirusFiable\Engines\plugins\SCANFUNC.DLL
    C:\Program Files\AntivirusFiable\Graphics\cross.gif
    C:\Program Files\AntivirusFiable\Graphics\ga6p.gif
    C:\Program Files\AntivirusFiable\Graphics\main.ico
    C:\Program Files\AntivirusFiable\Graphics\mini.ico
    C:\Program Files\AntivirusFiable\Graphics\support.ico
    C:\Program Files\AntivirusFiable\Graphics\uninstall.ico
    C:\Program Files\AntivirusFiable\LA\License.rtf
    C:\Program Files\AntivirusFiable\pgs.exe
    C:\Program Files\AntivirusFiable\ptask.exe
    C:\Program Files\AntivirusFiable\reload.exe
    C:\Program Files\AntivirusFiable\scnkrnl.dll
    C:\Program Files\AntivirusFiable\sqlite3.dll
    C:\Program Files\AntivirusFiable\Tools\pblock.dll
    C:\Program Files\AntivirusFiable\Tools\sbiebho.dll
    C:\Program Files\AntivirusFiable\unins000.dat
    C:\Program Files\AntivirusFiable\unins000.exe
    C:\Program Files\AntivirusFiable\Up\gup.exe
    C:\Temp\cXzz9
    C:\Temp\gTiis19
    C:\Temp\gTiis19\lTig.log
    C:\Temp\hKKsb1910.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\g2078000.exe
    C:\WINDOWS\system32\aee1
    C:\WINDOWS\system32\drvwon.dll
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
    C:\WINDOWS\system32\uwcee9
    C:\WINDOWS\system32\uwcee9\renamd83122.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
    2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
    2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-25 21:14 . 2008-01-29 13:15 <REP> d-------- C:\Temp
    2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-25 20:31 . 2008-01-29 13:10 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
    2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
    2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-18 15:02 . 2008-01-28 11:16 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
    2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 10:20 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
    2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-18 17:11 --------- d-----w C:\Program Files\S3
    2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
    2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
    2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
    2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
    2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-27_20.44.28.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-29 12:14:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-29 12:14:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-27 19:41:11 1,286,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-29 12:14:38 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-27 19:41:11 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-29 12:14:38 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-29 12:08:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
    "GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
    R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
    S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 13:15:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-29 13:16:30
    ComboFix-quarantined-files.txt 2008-01-29 12:16:11
    ComboFix2.txt 2008-01-28 19:40:03
    ComboFix3.txt 2008-01-27 19:45:19
    .
    2008-01-26 19:19:01 --- E O F ---
    29 January 2008 20:51:54

    Scan finished! Here is the Antivir report :ange:



    AntiVir PersonalEdition Classic
    Report file date: mardi 29 janvier 2008 20:38

    Scanning for 1084249 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: UTILISAT-5836A4

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:37:07
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 19:37:07
    ANTIVIR3.VDF : 7.0.2.68 189440 Bytes 29/01/2008 19:37:07
    AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 29/01/2008 19:37:07
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/01/2008 19:37:07
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 29 janvier 2008 20:38

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'GamerOSD.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    35 processes with 35 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix\28012008_20154296.zip
    [0] Archive type: ZIP
    --> backup/mrofinu572.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cf80ff.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\1010[1].exe
    [DETECTION] Is the Trojan horse TR/Delf.KH.12
    [INFO] The file was moved to '47d0811b.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CA6TTVZO
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47d5813b.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\css4[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48128170.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\css4[2]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48128172.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\spoolsv[1].exe
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '480e817b.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\css4[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481281d1.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\css4[2]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481281d3.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\css4[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48128200.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\css4[2]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48128201.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\smss[1].exe
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '48128203.qua'!
    C:\Program Files\Fichiers communs\AntivirusFiable\ugac.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.271360
    [INFO] The file was moved to '4800820e.qua'!
    C:\QooBox\Quarantine\C\Program Files\lsass.exe.vir
    [DETECTION] Is the Trojan horse TR/Delf.KH.12
    [INFO] The file was moved to '4800825a.qua'!
    C:\QooBox\Quarantine\C\Program Files\smss.exe.vir
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '48128256.qua'!
    C:\QooBox\Quarantine\C\Program Files\spoolsv.exe.vir
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '480e825b.qua'!
    C:\QooBox\Quarantine\C\Program Files\Helper\Helper10.dll.vir
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '480b8252.qua'!
    C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
    [INFO] The file was moved to '47f48258.qua'!
    C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.edq
    [INFO] The file was moved to '48118256.qua'!
    C:\QooBox\Quarantine\C\Temp\hKKsb1910.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.buy.47
    [INFO] The file was moved to '47ea823d.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\17PHolmes572.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47ef822b.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hvj.1
    [INFO] The file was moved to '47d18226.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\g2078000.exe.vir
    [DETECTION] Is the Trojan horse TR/Dialer.ZZ
    [INFO] The file was moved to '47cf8229.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
    [DETECTION] Is the Trojan horse TR/Delf.KH.12
    [INFO] The file was moved to '4800826b.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
    [INFO] The file was moved to '48118261.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '480e826d.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drvwon.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '4815826f.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.VB.cge
    [INFO] The file was moved to '480f8246.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP12\A0001552.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cf8237.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001907.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
    [INFO] The file was moved to '47cf8243.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001916.exe
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '47cf8244.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001922.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
    [INFO] The file was moved to '47cf8246.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002268.dll
    [DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
    [INFO] The file was moved to '47cf8253.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002269.dll
    [DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
    [INFO] The file was moved to '47cf8254.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002271.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '47cf8256.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002272.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '47cf8258.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002273.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '47cf825a.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002384.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cf825f.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002385.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hvj.1
    [INFO] The file was moved to '47cf8264.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002387.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '47cf8265.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002388.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
    [INFO] The file was moved to '47cf826e.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002390.exe
    [DETECTION] Is the Trojan horse TR/Agent.edq
    [INFO] The file was moved to '47cf8270.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002391.exe
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '47cf8272.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002392.exe
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [INFO] The file was moved to '47cf8274.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002395.exe
    [DETECTION] Is the Trojan horse TR/Delf.KH.12
    [INFO] The file was moved to '47cf8276.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002396.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
    [INFO] The file was moved to '47cf8277.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002398.exe
    [DETECTION] Is the Trojan horse TR/Delf.KH.12
    [INFO] The file was moved to '47cf8278.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002404.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
    [INFO] The file was moved to '47cf827a.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002467.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Adload.PR.2
    [INFO] The file was moved to '47cf827d.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002508.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.cge
    [INFO] The file was moved to '47cf8281.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002510.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cf8282.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002511.exe
    [DETECTION] Is the Trojan horse TR/Dialer.ZZ
    [INFO] The file was moved to '47cf8284.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002512.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '47cf8285.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP18\A0002659.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.271360
    [INFO] The file was moved to '47cf828b.qua'!
    C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP7\A0000383.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47cf8295.qua'!
    C:\VundoFix Backups\khfffdd.dll.bad
    [DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
    [INFO] The file was moved to '480582d1.qua'!
    C:\VundoFix Backups\qomnnmj.dll.bad
    [DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
    [INFO] The file was moved to '480c82d9.qua'!
    C:\VundoFix Backups\winjjq32.dll.bad
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '480d82d5.qua'!
    C:\VundoFix Backups\winjks32.dll.bad
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '480d82d6.qua'!
    C:\VundoFix Backups\winopn32.dll.bad
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was moved to '480d82d7.qua'!


    End of the scan: mardi 29 janvier 2008 20:50
    Used time: 11:42 min

    The scan has been done completely.

    2223 Scanning directories
    60298 Files were scanned
    59 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    59 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    60239 Files not concerned
    800 Archives were scanned
    1 Warnings
    0 Notes

    29 January 2008 21:20:11

    Post a new HijackThis report.
    29 January 2008 22:14:53

    The HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12:40, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4978 bytes

    30 January 2008 13:27:00

    Is it better?
    31 January 2008 13:02:34

    Yes!! I waited a bit to see whether any other problems would show up, and it doesn't look like it... all the problems have disappeared, it works perfectly! Antivir works well, so everything is fine ^^
    Thanks for everything :D  :D  :D  :D  :D  :D  :D  :D
    31 January 2008 18:19:44

    Ok ;)

  • Download ToolsCleaner to your Desktop.
  • Click "Recherche" (Search) and let the scan finish.
  • Click "Suppression" (Removal) to finalize.
  • Click "Quitter" (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you don't run into this kind of problem again, by clicking on the image below:

    1 February 2008 21:05:49

    Here is the TCleaner report:

    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\Msnfix.zip: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\MsnFix: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MsnFix: trouvé !
    C:\Documents and Settings\Propriétaire\Mes documents\vundoFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: trouvé !
    C:\Documents and Settings\Propriétaire\Recent\MSNFix.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\Msnfix.zip: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Propriétaire\Mes documents\vundoFix.exe: supprimé !
    C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: supprimé !
    C:\Documents and Settings\Propriétaire\Recent\MSNFix.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\MsnFix: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    3 February 2008 19:13:22

    Message deleted: everyone gets their own thread!