
Trojan horse virus

17 January 2008 19:01:46

Good evening,

I know that several members have already told you about this same virus, but none of your solutions has solved my problem. I think you already know this virus very well, and I hope that with your help it will go away, because it has been getting on my nerves for a while now..

Tell me what to do, I will follow your instructions to the letter ;)


Thanks in advance!

For info: I have Symantec Antivirus, which I believe detected the virus, as well as IE and Mozilla.


17 January 2008 19:08:38

Thanks for your quick reply, I'll do that right away!


Here it is:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:56, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\servicestub.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [servicestub.exe] C:\WINDOWS\servicestub.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7641 bytes
17 January 2008 19:43:49

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    17 January 2008 20:07:07

    ComboFix 08-01-09.2 - Administrateur 2008-01-17 19:48:34.1 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:45 . 2008-01-17 19:45 42,941 --a------ C:\Documents and Settings\Administrateur\rqswxq.exe
    2008-01-17 19:41 . 2008-01-17 19:41 42,941 --a------ C:\Documents and Settings\Administrateur\huqlqp.exe
    2008-01-17 19:36 . 2008-01-17 19:36 42,941 --a------ C:\Documents and Settings\Administrateur\qyjdos.exe
    2008-01-17 19:32 . 2008-01-17 19:32 42,941 --a------ C:\Documents and Settings\Administrateur\fnhokv.exe
    2008-01-17 19:27 . 2008-01-17 19:27 42,941 --a------ C:\Documents and Settings\Administrateur\fmwqfu.exe
    2008-01-17 19:23 . 2008-01-17 19:23 42,941 --a------ C:\Documents and Settings\Administrateur\rkblra.exe
    2008-01-17 19:19 . 2008-01-17 19:19 42,941 --a------ C:\Documents and Settings\Administrateur\mhyqlf.exe
    2008-01-17 19:15 . 2008-01-17 19:15 42,941 --a------ C:\Documents and Settings\Administrateur\ekjcto.exe
    2008-01-17 19:11 . 2008-01-17 19:11 42,941 --a------ C:\Documents and Settings\Administrateur\tklakp.exe
    2008-01-17 19:07 . 2008-01-17 19:07 42,941 --a------ C:\Documents and Settings\Administrateur\wxdawm.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 19:02 . 2008-01-17 19:02 42,941 --a------ C:\Documents and Settings\Administrateur\escbuh.exe
    2008-01-17 18:58 . 2008-01-17 18:58 42,941 --a------ C:\Documents and Settings\Administrateur\enektu.exe
    2008-01-17 18:54 . 2008-01-17 18:54 42,941 --a------ C:\Documents and Settings\Administrateur\oqjsxu.exe
    2008-01-17 18:50 . 2008-01-17 18:50 42,941 --a------ C:\Documents and Settings\Administrateur\anrgnh.exe
    2008-01-17 18:46 . 2008-01-17 18:46 42,941 --a------ C:\Documents and Settings\Administrateur\atcqyf.exe
    2008-01-17 18:42 . 2008-01-17 18:42 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 18:42 . 2008-01-17 18:42 42,941 --a------ C:\Documents and Settings\Administrateur\zhdzeh.exe
    2008-01-17 18:29 . 2008-01-17 18:29 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 18:21 . 2008-01-17 18:21 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-16 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 18:46 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-17 17:42 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-17 17:42 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-17 17:42 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-11-17 00:33 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 18:42 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 19:53:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 19:54:40
    ComboFix-quarantined-files.txt 2008-01-17 18:54:36
    17 January 2008 20:26:20

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\WINDOWS\servicestub.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "servicestub.exe"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
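
The first ComboFix report above lists a run of `.exe` files of identical size written to the profile folder a few minutes apart. As an added example (not part of the thread and not ComboFix's own logic), this Python code parses the "Fichiers créés" lines, groups freshly written executables by byte size, and checks a CFScript `File::` list against the group; the function names and the `min_count` threshold are assumptions, and the sample lines are excerpts of the report and script posted above.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Excerpt of the "Fichiers créés" section of the first report above (not the full log).
SAMPLE_LOG = r"""
2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:45 . 2008-01-17 19:45 42,941 --a------ C:\Documents and Settings\Administrateur\rqswxq.exe
2008-01-17 19:41 . 2008-01-17 19:41 42,941 --a------ C:\Documents and Settings\Administrateur\huqlqp.exe
2008-01-17 19:36 . 2008-01-17 19:36 42,941 --a------ C:\Documents and Settings\Administrateur\qyjdos.exe
2008-01-17 19:32 . 2008-01-17 19:32 42,941 --a------ C:\Documents and Settings\Administrateur\fnhokv.exe
2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 19:02 . 2008-01-17 19:02 42,941 --a------ C:\Documents and Settings\Administrateur\escbuh.exe
2008-01-17 18:42 . 2008-01-17 18:42 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
2008-01-17 18:29 . 2008-01-17 18:29 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-17 18:21 . 2008-01-17 18:21 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
"""

# Excerpt of the CFScript posted above (File:: list shortened to match the log excerpt).
CFSCRIPT = r"""
File::
C:\Documents and Settings\Administrateur\rqswxq.exe
C:\Documents and Settings\Administrateur\huqlqp.exe
C:\Documents and Settings\Administrateur\qyjdos.exe
C:\Documents and Settings\Administrateur\fnhokv.exe
C:\WINDOWS\servicestub.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"servicestub.exe"=-
"""

FMT = "%Y-%m-%d %H:%M"
# created . modified  size-or-<REP>  attributes  path
ENTRY = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<REP>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)


def parse_entries(text):
    """Return (created, modified, size, attrs, path) tuples; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # section banners, blank lines, anything that is not a file row
        created, modified, size, attrs, path = m.groups()
        entries.append((
            datetime.strptime(created, FMT),
            datetime.strptime(modified, FMT),
            None if size == "<REP>" else int(size.replace(",", "")),
            attrs,
            path,
        ))
    return entries


def same_size_clusters(entries, min_count=3):
    """Group .exe files whose created and modified times match (written fresh,
    not unpacked by an installer) by exact byte size; keep groups of min_count+."""
    groups = defaultdict(list)
    for created, modified, size, _attrs, path in entries:
        if size is not None and created == modified and path.lower().endswith(".exe"):
            groups[size].append((created, path))
    return {s: sorted(m) for s, m in groups.items() if len(m) >= min_count}


def median_gap_minutes(members):
    """Median time between consecutive creations in one cluster."""
    times = [t for t, _ in members]
    return median((b - a).total_seconds() / 60 for a, b in zip(times, times[1:]))


def cfscript_files(text):
    """Lower-cased paths listed under the File:: section of a CFScript."""
    section, files = None, set()
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"\w+::", line):
            section = line[:-2]
        elif section == "File" and line:
            files.add(line.lower())
    return files


def not_listed(members, script_text):
    """Cluster members that the script's File:: list does not name."""
    listed = cfscript_files(script_text)
    return [path for _, path in members if path.lower() not in listed]


if __name__ == "__main__":
    for size, members in same_size_clusters(parse_entries(SAMPLE_LOG)).items():
        print(f"{len(members)} executables of {size} bytes, "
              f"median gap {median_gap_minutes(members):.0f} min")
        for path in not_listed(members, CFSCRIPT):
            print("  not in File:: list:", path)
```

A cluster that keeps growing between two reports means the process writing the files is still running, so a fixed file list can only cover the copies that existed when the list was written.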
    17 January 2008 20:56:10

    ComboFix 08-01-09.2 - Administrateur 2008-01-17 20:35:44.2 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: D:\CFScript.txt..txt

    FILE
    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\servicestub.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 20:36 . 2008-01-17 20:36 42,941 --a------ C:\Documents and Settings\Administrateur\rtiewd.exe
    2008-01-17 20:31 . 2008-01-17 20:31 42,941 --a------ C:\Documents and Settings\Administrateur\xtnrlu.exe
    2008-01-17 20:27 . 2008-01-17 20:27 42,941 --a------ C:\Documents and Settings\Administrateur\cpwoyb.exe
    2008-01-17 20:23 . 2008-01-17 20:23 42,941 --a------ C:\Documents and Settings\Administrateur\huuwbc.exe
    2008-01-17 20:19 . 2008-01-17 20:19 42,941 --a------ C:\Documents and Settings\Administrateur\wueutv.exe
    2008-01-17 20:15 . 2008-01-17 20:15 42,941 --a------ C:\Documents and Settings\Administrateur\bdxiky.exe
    2008-01-17 20:11 . 2008-01-17 20:11 42,941 --a------ C:\Documents and Settings\Administrateur\ixpwcr.exe
    2008-01-17 19:59 . 2008-01-17 19:59 42,941 --a------ C:\Documents and Settings\Administrateur\zdurje.exe
    2008-01-17 19:57 . 2008-01-17 19:57 42,941 --a------ C:\Documents and Settings\Administrateur\kizmpj.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 19:02 . 2008-01-17 19:02 42,941 --a------ C:\Documents and Settings\Administrateur\escbuh.exe
    2008-01-17 18:58 . 2008-01-17 18:58 42,941 --a------ C:\Documents and Settings\Administrateur\enektu.exe
    2008-01-17 18:54 . 2008-01-17 18:54 42,941 --a------ C:\Documents and Settings\Administrateur\oqjsxu.exe
    2008-01-17 18:50 . 2008-01-17 18:50 42,941 --a------ C:\Documents and Settings\Administrateur\anrgnh.exe
    2008-01-17 18:46 . 2008-01-17 18:46 42,941 --a------ C:\Documents and Settings\Administrateur\atcqyf.exe
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-16 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 19:16 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-17 17:42 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-17 17:42 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-17 17:42 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-11-17 00:33 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-17 19:35:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-17 19:35:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-17 19:35:08 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-17 19:35:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-17 19:35:10 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-17 19:35:11 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 20:43:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 20:45:02
    ComboFix-quarantined-files.txt 2008-01-17 19:44:56
    ComboFix2.txt 2008-01-17 18:54:40
    17 January 2008 21:07:39

    Post a new HijackThis report.
    17 January 2008 21:16:32

    Post to be deleted.
    17 January 2008 21:22:42

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:23, on 17/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7262 bytes
    17 January 2008 21:37:19


    Sorry for the triple post, I'm not allowed to delete my messages :/
    18 January 2008 13:14:26

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
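One way to derive a file list like the one in the CFScript above from ComboFix's created-files listing (an added example, not part of the original thread and not ComboFix's own logic): it groups same-size executables dropped into one folder and formats them as a `File::` block. The sample lines follow the listing format of this thread's ComboFix reports; the function names and the `min_count` threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Sample lines in the created-files format of this thread's ComboFix reports.
SAMPLE_LISTING = r"""
2008-01-17 22:38 . 2008-01-17 22:38 42,941 --a------ C:\Documents and Settings\Administrateur\tqckjt.exe
2008-01-17 22:33 . 2008-01-17 22:33 42,941 --a------ C:\Documents and Settings\Administrateur\kprfee.exe
2008-01-17 22:29 . 2008-01-17 22:29 42,941 --a------ C:\Documents and Settings\Administrateur\fiaiwa.exe
2008-01-17 22:25 . 2008-01-17 22:25 42,941 --a------ C:\Documents and Settings\Administrateur\vdhimg.exe
2008-01-17 21:39 . 2008-01-17 21:39 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
"""

# created . modified  size-or-<REP>  9-char attribute field  path
ENTRY_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)\s*$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"


def parse_created_files(text):
    """Return one dict per regular file; directory rows (<REP>) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m["size"] == "<REP>":
            continue
        entries.append({
            "created": datetime.strptime(m["created"], TS_FORMAT),
            "modified": datetime.strptime(m["modified"], TS_FORMAT),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def find_drop_clusters(entries, min_count=3):
    """Group .exe files by (folder, exact size) and keep repeated drops.

    Installed software often keeps the vendor's modification time, so a group
    is kept only when every member has created == modified (written once, on
    the spot). Equal size is a triage heuristic: confirm with a hash first.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["path"].lower().endswith(".exe"):
            groups[(ntpath.dirname(e["path"]).lower(), e["size"])].append(e)

    clusters = []
    for (folder, size), members in groups.items():
        if len(members) < min_count:
            continue
        if any(e["created"] != e["modified"] for e in members):
            continue
        members.sort(key=lambda e: e["created"])
        gaps = [(b["created"] - a["created"]).total_seconds() / 60
                for a, b in zip(members, members[1:])]
        clusters.append({
            "folder": folder,
            "size": size,
            "paths": [e["path"] for e in members],
            "median_gap_min": median(gaps),
        })
    return clusters


def related_by_size(entries, cluster):
    """Executables in other folders with the cluster's exact size, for review."""
    return [e["path"] for e in entries
            if e["size"] == cluster["size"]
            and e["path"].lower().endswith(".exe")
            and ntpath.dirname(e["path"]).lower() != cluster["folder"]]


def build_cfscript(paths):
    """Format paths as a File:: block like the CFScript shown in the thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    entries = parse_created_files(SAMPLE_LISTING)
    for cluster in find_drop_clusters(entries):
        print(f"{len(cluster['paths'])} files of {cluster['size']} bytes in "
              f"{cluster['folder']}, median gap {cluster['median_gap_min']} min")
        print("same size elsewhere:", related_by_size(entries, cluster))
        print(build_cfscript(cluster["paths"]))
```

A cluster that reappears at a steady interval after a cleanup pass means the process writing the files is still running, so the file list alone does not address the source.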
    18 January 2008 16:29:33

    ComboFix 08-01-09.2 - Administrateur 2008-01-18 16:23:32.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.46 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: D:\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 22:38 . 2008-01-17 22:38 42,941 --a------ C:\Documents and Settings\Administrateur\tqckjt.exe
    2008-01-17 22:33 . 2008-01-17 22:33 42,941 --a------ C:\Documents and Settings\Administrateur\kprfee.exe
    2008-01-17 22:29 . 2008-01-17 22:29 42,941 --a------ C:\Documents and Settings\Administrateur\fiaiwa.exe
    2008-01-17 22:25 . 2008-01-17 22:25 42,941 --a------ C:\Documents and Settings\Administrateur\vdhimg.exe
    2008-01-17 22:21 . 2008-01-17 22:21 42,941 --a------ C:\Documents and Settings\Administrateur\kchixe.exe
    2008-01-17 22:17 . 2008-01-17 22:17 42,941 --a------ C:\Documents and Settings\Administrateur\kvvgvq.exe
    2008-01-17 22:12 . 2008-01-17 22:12 42,941 --a------ C:\Documents and Settings\Administrateur\mplmqv.exe
    2008-01-17 22:08 . 2008-01-17 22:08 42,941 --a------ C:\Documents and Settings\Administrateur\svcicd.exe
    2008-01-17 22:04 . 2008-01-17 22:04 42,941 --a------ C:\Documents and Settings\Administrateur\kcsibv.exe
    2008-01-17 22:00 . 2008-01-17 22:00 42,941 --a------ C:\Documents and Settings\Administrateur\regtom.exe
    2008-01-17 21:56 . 2008-01-17 21:56 42,941 --a------ C:\Documents and Settings\Administrateur\wubsfw.exe
    2008-01-17 21:52 . 2008-01-17 21:52 42,941 --a------ C:\Documents and Settings\Administrateur\tzllsc.exe
    2008-01-17 21:47 . 2008-01-17 21:47 42,941 --a------ C:\Documents and Settings\Administrateur\dpbdcw.exe
    2008-01-17 21:43 . 2008-01-17 21:43 42,941 --a------ C:\Documents and Settings\Administrateur\labrzo.exe
    2008-01-17 21:39 . 2008-01-17 21:39 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-17 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-18 15:21 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-18 11:26 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-18 11:26 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-18 15:23:09 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-18 15:23:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-18 15:23:09 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-18 15:23:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-18 15:23:09 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-18 15:23:09 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-18 11:26:26 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-18 11:26:26 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 21:39 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 16:26:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-18 16:27:31
    ComboFix-quarantined-files.txt 2008-01-18 15:27:28
    ComboFix2.txt 2008-01-17 19:45:03
    ComboFix3.txt 2008-01-17 18:54:40
    a b 8 Sécurité
    18 January 2008 17:43:38

    Strange.

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\WINDOWS\servicestub.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "servicestub.exe"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    18 January 2008 18:00:21

    What is it that's strange? Can you explain?

    ComboFix 08-01-09.2 - Administrateur 2008-01-18 17:55:09.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.31 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: and Settings\Administrateur\Bureau\ComboFix.exe D:\CFScript.txt..txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 22:38 . 2008-01-17 22:38 42,941 --a------ C:\Documents and Settings\Administrateur\tqckjt.exe
    2008-01-17 22:33 . 2008-01-17 22:33 42,941 --a------ C:\Documents and Settings\Administrateur\kprfee.exe
    2008-01-17 22:29 . 2008-01-17 22:29 42,941 --a------ C:\Documents and Settings\Administrateur\fiaiwa.exe
    2008-01-17 22:25 . 2008-01-17 22:25 42,941 --a------ C:\Documents and Settings\Administrateur\vdhimg.exe
    2008-01-17 22:21 . 2008-01-17 22:21 42,941 --a------ C:\Documents and Settings\Administrateur\kchixe.exe
    2008-01-17 22:17 . 2008-01-17 22:17 42,941 --a------ C:\Documents and Settings\Administrateur\kvvgvq.exe
    2008-01-17 22:12 . 2008-01-17 22:12 42,941 --a------ C:\Documents and Settings\Administrateur\mplmqv.exe
    2008-01-17 22:08 . 2008-01-17 22:08 42,941 --a------ C:\Documents and Settings\Administrateur\svcicd.exe
    2008-01-17 22:04 . 2008-01-17 22:04 42,941 --a------ C:\Documents and Settings\Administrateur\kcsibv.exe
    2008-01-17 22:00 . 2008-01-17 22:00 42,941 --a------ C:\Documents and Settings\Administrateur\regtom.exe
    2008-01-17 21:56 . 2008-01-17 21:56 42,941 --a------ C:\Documents and Settings\Administrateur\wubsfw.exe
    2008-01-17 21:52 . 2008-01-17 21:52 42,941 --a------ C:\Documents and Settings\Administrateur\tzllsc.exe
    2008-01-17 21:47 . 2008-01-17 21:47 42,941 --a------ C:\Documents and Settings\Administrateur\dpbdcw.exe
    2008-01-17 21:43 . 2008-01-17 21:43 42,941 --a------ C:\Documents and Settings\Administrateur\labrzo.exe
    2008-01-17 21:39 . 2008-01-17 21:39 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-17 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-18 16:53 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-18 11:26 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-18 11:26 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-18 16:54:59 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-18 16:55:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-18 16:55:00 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-18 16:55:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-18 16:55:00 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-18 16:55:00 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-18 11:26:26 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-18 11:26:26 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 21:39 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 17:57:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-18 17:59:59
    ComboFix-quarantined-files.txt 2008-01-18 16:59:54
    ComboFix2.txt 2008-01-18 15:27:32
    ComboFix3.txt 2008-01-17 19:45:03
    ComboFix4.txt 2008-01-17 18:54:40




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:01, on 18/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [servicestub.exe] C:\WINDOWS\servicestub.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7295 bytes
    a b 8 Sécurité
    18 January 2008 18:57:49

    D:\CFScript.txt..txt
    You put .txt twice, and on top of that they are separated by two dots.
    Can you run the script from the C: drive?
    18 January 2008 21:29:26

    I'm not very good with computers and I didn't understand anything of what you asked me...

    Which script are you talking about?
    a b 8 Sécurité
    18 January 2008 22:08:37

    CFScript.txt
    18 January 2008 22:28:38

    Yes, what do you want me to do with it? Do I save it on the C: drive?
    a b 8 Sécurité
    19 January 2008 12:21:06

    Yes.
    19 January 2008 13:57:04

    And then I send it to Combofix, is that right?
    a b 8 Sécurité
    19 January 2008 18:36:28

    Yes.
    19 January 2008 19:24:14

    Tell me, is it normal that when I give the script the name CFScript.txt. it renames it to CFScript.txt..txt? So I have to rename it again, and then they tell me that this file may not be usable!
    19 January 2008 19:24:56

    ComboFix 08-01-09.2 - Administrateur 2008-01-19 19:09:31.5 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\WINDOWS\servicestub.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-18 18:13 . 2008-01-18 18:13 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-18 22:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-18 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 18:08 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-19 11:16 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-19 11:16 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-19 18:08:52 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-19 18:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-19 18:08:52 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-19 18:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-19 18:08:54 5,152,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-19 18:08:54 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-19 11:16:42 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-19 11:16:42 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 19:13:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 19:15:22
    ComboFix-quarantined-files.txt 2008-01-19 18:15:18
    ComboFix2.txt 2008-01-18 17:00:00
    ComboFix3.txt 2008-01-18 15:27:32
    ComboFix4.txt 2008-01-17 19:45:03
    ComboFix5.txt 2008-01-17 18:54:40
    a b 8 Security
    19 January 2008 19:29:37

    Are you still having problems?
    19 January 2008 19:46:12

    It's working perfectly well for now =)
    a b 8 Security
    19 January 2008 19:56:53

    Post a new Hijackthis report anyway.
    19 January 2008 19:59:52

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:59:36, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7213 bytes

    a b 8 Security
    20 January 2008 13:10:13

    Any questions?
    20 January 2008 15:36:42

    Not so far.