
PSW X-Vir .... help !

Hello, so as you can see, I am infected with the PSW trojan, etc., etc.

So I am posting my HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 16:32:20, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\admin\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\eogbpqvj.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [d83453f0] rundll32.exe "C:\WINDOWS\system32\lhaxdlpt.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Protocol: bw+0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00E75E9.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\evvggvyh.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

I also downloaded the other program, Ipsfix

Thank you in advance for your help

Hello,

Badly infected :/

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    I knew I had them everywhere :/

    ComboFix 07-11-08.1 - admin 2007-11-11 16:38:07.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1488 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\a.exe
    C:\Documents and Settings\admin\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\admin\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\admin\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Program Files\Insider
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\__c0031431.dat
    C:\WINDOWS\system32\__c00E75E9.dat
    C:\WINDOWS\system32\c3
    C:\WINDOWS\system32\cowwrecl.dll
    C:\WINDOWS\system32\eogbpqvj.dllbox
    C:\WINDOWS\system32\hfupkxtv.dll
    C:\WINDOWS\system32\k1
    C:\WINDOWS\system32\k1\jumper83122.exe
    C:\WINDOWS\system32\ldcore.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\nuhbqafn.dll
    C:\WINDOWS\system32\o4
    C:\WINDOWS\system32\o4\revdrive33b.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\winnb58.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:17 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 02:42 81,472 --a------ C:\WINDOWS\system32\pxlaotpc.dll
    2007-11-11 02:38 85,056 --a------ C:\WINDOWS\system32\lhaxdlpt.dll
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 22:30 145,984 --a------ C:\WINDOWS\system32\eogbpqvj.dll
    2007-11-10 22:30 81,472 --a------ C:\WINDOWS\system32\kacyinsc.dll
    2007-11-10 22:29 145,984 --a------ C:\WINDOWS\system32\jsspetix.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-11 15:44 --------- d-----w C:\Program Files\Steam
    2007-11-11 15:09 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-13 09:33 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-10-01 11:15 839,690 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-10-01 11:15 839,689 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-14 11:11 --------- d-----w C:\Program Files\Alwil Software
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    2007-11-11 02:42 81472 --a------ C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-10 22:30 145984 --a------ C:\WINDOWS\system32\eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\eogbpqvj.dll [2007-11-10 22:30 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" [2007-11-11 02:38]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-10-05 15:34]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll 2007-11-10 22:30 145984 C:\WINDOWS\system32\eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnn.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .

    Logfile of HijackThis v1.99.1
    Scan saved at 19:16, on 2007-11-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Mes documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\eogbpqvj.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [d83453f0] rundll32.exe "C:\WINDOWS\system32\lhaxdlpt.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O18 - Protocol: bw+0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    AntiVir PersonalEdition Classic
    Report file date: 2007-11-11 19:27

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: admin
    Computer name: PC2

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2007-11-11 19:27

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SSScsiSV.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'steam.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mrofinu1188.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\mrofinu1188.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'mrofinu1188.exe' has been terminated
    C:\WINDOWS\mrofinu1188.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!

    40 processes with 39 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '37' files ).


    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32'


    End of the scan: 2007-11-11 19:29
    Used time: 01:56 min

    The scan has been done completely.

    219 Scanning directories
    6741 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    6739 Files not concerned
    3 Archives were scanned
    0 Warnings
    0 Notes

    AntiVir finds a trojan in but none of the choices works, delete, quarantine etc., what should I do :o ? I chose "ignore"
    I ran a scan and it actually found them everywhere, I'll post a new report shortly

    (is it better to delete or to quarantine?)

    Uh, I think so; the first time I did it, but without the updates in fact. Now I have properly updated it with the versions and I'm at 900-odd detections

    and please, can the choice that was made be changed for the next viruses found? I picked "delete" but actually I think quarantine would have been better ..

    Ah, good grief, it's much better, no more spam etc. etc.!

    However, the following message is displayed when the PC starts up:

    Erreur du chargement de C: /WINDOWS/system32/lhxdlpt.dll

    here is the report

    ComboFix 07-11-08.1 - admin 2007-11-11 20:39:11.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1547 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\admin\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\admin\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\admin\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Program Files\Temporary
    C:\Program Files\Temporary\wininstall.exe
    C:\Program Files\WinAble
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\eogbpqvj.dllbox
    .
    ---- Previous Run -------
    .
    C:\a.exe
    C:\Documents and Settings\admin\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\admin\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\admin\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Program Files\Insider
    C:\Program Files\WinAble
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\__c0031431.dat
    C:\WINDOWS\system32\__c00E75E9.dat
    C:\WINDOWS\system32\c3
    C:\WINDOWS\system32\cowwrecl.dll
    C:\WINDOWS\system32\eogbpqvj.dllbox
    C:\WINDOWS\system32\hfupkxtv.dll
    C:\WINDOWS\system32\k1
    C:\WINDOWS\system32\k1\jumper83122.exe
    C:\WINDOWS\system32\ldcore.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\nuhbqafn.dll
    C:\WINDOWS\system32\o4
    C:\WINDOWS\system32\o4\revdrive33b.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\service.exe
    C:\WINDOWS\system32\winnb58.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService




    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 19:26 <REP> d-------- C:\Program Files\Avira
    2007-11-11 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-11 16:51 6,465 ---hs---- C:\WINDOWS\system32\ihkmp.bak1
    2007-11-11 16:46 36,352 --a------ C:\WINDOWS\system32\iifdaxy.dll
    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-11 19:43 --------- d-----w C:\Program Files\Steam
    2007-11-11 18:26 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-13 09:33 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-21 12:34 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-09-14 11:11 --------- d-----w C:\Program Files\Alwil Software
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_16.45.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-11 18:19:43 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-11-11 18:38:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-11 16:46 36352 --a------ C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" []
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-10-05 15:34]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\iifdaxy.dll [2007-11-11 16:46 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
    iifdaxy.dll 2007-11-11 16:46 36352 C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 20:43:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 20:45:00 - machine was rebooted
    .
    --- E O F ---

    Hi again,

    Let's delete :)

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\iifdaxy.dll
    C:\Temp\e002A477.exe
    C:\WINDOWS\system32\cbxxyvu.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pxlaotpc.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\lhaxdlpt.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Host Process"=-
    "d83453f0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
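
One way to check that a CFScript like the one above took effect is to compare its targets with the HijackThis log posted after the run. The Python example below is added here and is not part of the original posts or of ComboFix; the function names are hypothetical, both inputs are excerpts from this thread, and it assumes that only BHO keys, Winlogon Notify keys and Run values need mapping to HijackThis O2, O20 and O4 lines (other registry targets are skipped).

```python
import re

# Subset of the CFScript posted in this thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\iifdaxy.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\Fonts\svchost.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"d83453f0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
"""

# Lines excerpted from the HijackThis log posted in this thread after the run.
HJT_LOG = r"""O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\iifdaxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FE0D3C52-0C72-491C-B915-C491FE184DD3} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [d83453f0] rundll32.exe "C:\WINDOWS\system32\lhaxdlpt.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: iifdaxy - C:\WINDOWS\SYSTEM32\iifdaxy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_cfscript(text):
    """Split a CFScript into file targets, deleted keys and deleted values."""
    section, key = None, None
    targets = {"files": [], "keys": [], "values": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                      # "File::", "Registry::"
            section, key = line[:-2].lower(), None
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets["keys"].append(line[2:-1])   # [-key] deletes the key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                     # values below belong here
            else:
                m = re.fullmatch(r'"(.+)"=-', line)  # "name"=- deletes a value
                if m and key:
                    targets["values"].append((key, m.group(1)))
    return targets


def hjt_needle(kind, target):
    """Return (HijackThis section or None, lowercase text to look for),
    or None when this example has no mapping for the target."""
    if kind == "file":
        return None, target.lower()
    if kind == "key":
        m = re.search(r"browser helper objects\\(\{[0-9a-f-]+\})$", target, re.I)
        if m:
            return "O2", m.group(1).lower()
        m = re.search(r"winlogon\\notify\\(.+)$", target, re.I)
        if m:
            return "O20", "winlogon notify: %s - " % m.group(1).lower()
        return None
    key, name = target
    hive = HIVES.get(key.split("\\", 1)[0].upper())
    if hive and key.lower().endswith(r"\currentversion\run"):
        return "O4", "%s\\..\\run: [%s]" % (hive.lower(), name.lower())
    return None


def persisting(cfscript, hjt_log):
    """List (kind, target, log line) for each CFScript target still in the log."""
    t = parse_cfscript(cfscript)
    wanted = ([("file", f) for f in t["files"]] + [("key", k) for k in t["keys"]]
              + [("value", v) for v in t["values"]])
    hits = []
    for kind, target in wanted:
        needle = hjt_needle(kind, target)
        if needle is None:
            continue
        section, text = needle
        for line in hjt_log.splitlines():
            low = line.strip().lower()
            if section and not low.startswith(section.lower() + " - "):
                continue
            if text not in low:
                continue
            # "(file missing)" means the file is gone; the registry entry is not.
            if kind == "file" and low.endswith("(file missing)"):
                continue
            hits.append((kind, target, line.strip()))
            break
    return hits


if __name__ == "__main__":
    for kind, target, line in persisting(CFSCRIPT, HJT_LOG):
        print("STILL PRESENT (%s): %s\n    %s" % (kind, target, line))
```

On these excerpts every mapped target except the file `pmkhi.dll` is still referenced by the follow-up log.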

    so here is the combo report

    ComboFix 07-11-08.1 - admin 2007-11-12 18:18:59.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1597 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 19:26 <REP> d-------- C:\Program Files\Avira
    2007-11-11 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-11 16:51 6,465 ---hs---- C:\WINDOWS\system32\ihkmp.bak1
    2007-11-11 16:46 36,352 --a------ C:\WINDOWS\system32\iifdaxy.dll
    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 17:20 313,440 ----a-w C:\WINDOWS\system32\vtutu.dll
    2007-11-12 17:15 --------- d-----w C:\Program Files\Steam
    2007-11-11 18:26 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-13 09:33 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-21 12:34 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-09-14 11:11 --------- d-----w C:\Program Files\Alwil Software
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_16.45.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-11 18:19:43 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-11-11 18:38:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-11 16:46 36352 --a------ C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" []
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-10-05 15:34]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-06 18:59:25]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-06 18:58:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\iifdaxy.dll [2007-11-11 16:46 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
    iifdaxy.dll 2007-11-11 16:46 36352 C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 18:21:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 18:22:15
    C:\ComboFix2.txt ... 2007-11-11 20:45
    .
    --- E O F ---



    and hijackthis


    Logfile of HijackThis v1.99.1
    Scan saved at 18:23:34, on 12/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\admin\Mes documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\iifdaxy.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
    O2 - BHO: (no name) - {34C29F9E-2833-435A-AD35-B5D1F06BFD4F} - (no file)
    O2 - BHO: (no name) - {430CEFA0-6918-4E48-92CE-8A2CC2BC8270} - C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {2e1cbae8-ed82-08a9-1c44-65d16383f3b5} - {5b3f3836-1d56-44c1-9a80-28de8eabc1e2} - C:\WINDOWS\system32\pxlaotpc.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FE0D3C52-0C72-491C-B915-C491FE184DD3} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [d83453f0] rundll32.exe "C:\WINDOWS\system32\lhaxdlpt.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O18 - Protocol: bw+0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: eogbpqvj - eogbpqvj.dll (file missing)
    O20 - Winlogon Notify: iifdaxy - C:\WINDOWS\SYSTEM32\iifdaxy.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    Here is the rescan without the typo

    ComboFix 07-11-08.1 - admin 2007-11-12 19:39:37.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1571 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 19:26 <REP> d-------- C:\Program Files\Avira
    2007-11-11 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-11 16:51 6,465 ---hs---- C:\WINDOWS\system32\ihkmp.bak1
    2007-11-11 16:46 36,352 --a------ C:\WINDOWS\system32\iifdaxy.dll
    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 17:15 --------- d-----w C:\Program Files\Steam
    2007-11-11 18:26 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-13 09:33 --------- d-----w C:\Program Files\World of Warcraft
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-21 12:34 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-09-14 11:11 --------- d-----w C:\Program Files\Alwil Software
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_16.45.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-11 18:19:43 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-11-11 18:38:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-11 16:46 36352 --a------ C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" []
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-10-05 15:34]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-06 18:59:25]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-06 18:58:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\iifdaxy.dll [2007-11-11 16:46 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
    iifdaxy.dll 2007-11-11 16:46 36352 C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 19:41:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 19:41:40
    C:\ComboFix2.txt ... 2007-11-12 18:22
    C:\ComboFix3.txt ... 2007-11-11 20:45
    .
    --- E O F ---

    What you told me to put in

    File::
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\iifdaxy.dll
    C:\Temp\e002A477.exe
    C:\WINDOWS\system32\cbxxyvu.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pxlaotpc.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\lhaxdlpt.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Host Process"=-
    "d83453f0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]

    Here is the report with AntiVir disabled

    ComboFix 07-11-08.1 - admin 2007-11-14 11:55:36.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1515 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\ihkmp.ini
    C:\WINDOWS\system32\jjllm.ini
    C:\WINDOWS\system32\jjllm.ini2
    C:\WINDOWS\system32\mlljj.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 19:26 <REP> d-------- C:\Program Files\Avira
    2007-11-11 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-11 16:46 36,352 --a------ C:\WINDOWS\system32\iifdaxy.dll
    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 11:01 --------- d-----w C:\Program Files\Steam
    2007-11-14 10:56 --------- d-----w C:\Program Files\World of Warcraft
    2007-11-11 18:26 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-21 12:34 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-09-14 11:11 --------- d-----w C:\Program Files\Alwil Software
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_16.45.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-11 18:19:43 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-11-11 18:38:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-11 16:46 36352 --a------ C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" []
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-10-05 15:34]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\iifdaxy.dll [2007-11-11 16:46 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
    iifdaxy.dll 2007-11-11 16:46 36352 C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljj.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 12:01:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 12:03:03 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-12 19:41
    C:\ComboFix3.txt ... 2007-11-12 18:22
    .
    --- E O F ---

    Re,

    Strange...
    Time to bring out the heavy artillery.

    1/ Download The Avenger (by Swandog46) to your Desktop.
    Then unzip it onto your Desktop.

    2/ Copy all the text in red below:

    Quote:
    Files to delete:
    C:\WINDOWS\system32\ihkmp.bak1
    C:\WINDOWS\system32\iifdaxy.dll
    C:\Temp\e002A477.exe
    C:\WINDOWS\system32\cbxxyvu.dll
    C:\WINDOWS\system32\nnnonkh.dll
    C:\WINDOWS\system32\pxlaotpc.dll
    C:\WINDOWS\system32\pmkhi.dll
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\lhaxdlpt.dll

    Registry keys to delete:
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy


    ---> Right-click, then Copy

    Note: The code above was written specifically for THIS user.
    If you are not THIS user, do NOT apply these instructions: they could damage your system.


    3/ Now launch The Avenger by clicking the icon on the Desktop.
    Under "Script file to execute", choose "Input Script Manually".
    Then click the magnifying-glass icon, which opens a new window, "View/edit script".
    In that window, paste the text previously copied on the Desktop.
    Click "Done".
    Then click the green traffic-light icon to start running the script.
    Answer "Yes" twice when prompted.

    4/ The Avenger will automatically do the following:
    It will restart the system. (If the script contains one or more "Drivers to Unload", The Avenger will restart your system twice.)
    During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
    After the restart, it creates a log file, which will open and show the actions The Avenger performed. This log file is located here: C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    5/ Finally, copy and paste the contents of the file c:\avenger.txt into your reply, along with a new HijackThis report.

    There is nothing in C:/avenger.txt ...

    and HijackThis gives this

    Logfile of HijackThis v1.99.1
    Scan saved at 18:09:07, on 14/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Mes documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\iifdaxy.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
    O2 - BHO: (no name) - {34C29F9E-2833-435A-AD35-B5D1F06BFD4F} - (no file)
    O2 - BHO: (no name) - {430CEFA0-6918-4E48-92CE-8A2CC2BC8270} - C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {2e1cbae8-ed82-08a9-1c44-65d16383f3b5} - {5b3f3836-1d56-44c1-9a80-28de8eabc1e2} - C:\WINDOWS\system32\pxlaotpc.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FE0D3C52-0C72-491C-B915-C491FE184DD3} - C:\WINDOWS\system32\pmkhi.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [d83453f0] rundll32.exe "C:\WINDOWS\system32\lhaxdlpt.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O18 - Protocol: bw+0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {467C4ECA-7B23-42A5-80F2-43533FC381C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: eogbpqvj - eogbpqvj.dll (file missing)
    O20 - Winlogon Notify: iifdaxy - C:\WINDOWS\SYSTEM32\iifdaxy.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    Here is ComboFix

    ComboFix 07-11-08.1 - admin 2007-11-15 19:33:51.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1573 [GMT 1:00]
    Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-11 19:26 <REP> d-------- C:\Program Files\Avira
    2007-11-11 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-11 16:46 36,352 --a------ C:\WINDOWS\system32\iifdaxy.dll
    2007-11-11 16:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 15:16 <REP> d-------- C:\WINDOWS\system32\rMa06yy
    2007-11-11 15:16 <REP> d-------- C:\Temp\abW9
    2007-11-11 15:16 <REP> d-------- C:\Temp
    2007-11-11 15:16 225,290 --a------ C:\Temp\e002A477.exe
    2007-11-11 13:56 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-11 03:07 <REP> d-------- C:\WINDOWS\report
    2007-11-11 03:06 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-11 03:06 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-11 03:06 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-11 03:06 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-11 03:06 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-11 03:01 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-11 03:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-11 03:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-11 03:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-11 00:05 36,352 --a------ C:\WINDOWS\system32\cbxxyvu.dll
    2007-11-10 22:35 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-10 10:28 36,352 --a------ C:\WINDOWS\system32\awtqomn.dll
    2007-11-09 15:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-09 15:43 134 --a------ C:\n.bat
    2007-11-09 15:42 35,328 --a------ C:\WINDOWS\system32\nnnonkh.dll
    2007-11-09 15:42 262 --a------ C:\Documents and Settings\admin\z.dat
    2007-11-09 15:42 0 --a------ C:\Documents and Settings\admin\x.dat
    2007-11-09 15:39 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-07 12:02 <REP> d-------- C:\WINDOWS\Sun
    2007-11-02 11:49 <REP> d-------- C:\Documents and Settings\admin\Application Data\sansendommagement
    2007-11-02 11:44 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-02 11:44 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
    2007-10-28 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-15 18:12 --------- d-----w C:\Program Files\Steam
    2007-11-14 11:08 --------- d-----w C:\Program Files\World of Warcraft
    2007-11-11 18:26 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
    2007-11-11 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-10 21:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-11-10 10:23 --------- d-----w C:\Program Files\Warcraft III
    2007-11-01 11:05 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-01 11:05 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-10-28 13:27 --------- d-----w C:\Program Files\Winamp
    2007-10-24 18:01 --------- d-----w C:\Program Files\mIRC
    2007-10-10 10:57 --------- d-----w C:\Program Files\Java
    2007-10-09 15:45 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-09-23 14:25 --------- d-----w C:\Documents and Settings\admin\Application Data\teamspeak2
    2007-09-21 12:34 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-11_16.45.03.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-11 18:19:43 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    - 2006-12-19 21:49:47 8,509,952 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-25 16:43:25 8,516,608 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-11-11 18:38:39 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-06-18 22:24:36 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-11 16:46 36352 --a------ C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    C:\Program Files\ContextTool\ContextTool-1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C29F9E-2833-435A-AD35-B5D1F06BFD4F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430CEFA0-6918-4E48-92CE-8A2CC2BC8270}]
    C:\Program Files\Messenger\hoqezikC:\WINDOWS\system32\k1\jumper83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b3f3836-1d56-44c1-9a80-28de8eabc1e2}]
    C:\WINDOWS\system32\pxlaotpc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE0D3C52-0C72-491C-B915-C491FE184DD3}]
    C:\WINDOWS\system32\pmkhi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "d83453f0"="C:\WINDOWS\system32\lhaxdlpt.dll" []
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 08:41]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-11 19:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-15 19:12]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-06 18:59]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-06 18:59:25]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-06 18:58:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\iifdaxy.dll [2007-11-11 16:46 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eogbpqvj]
    eogbpqvj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdaxy]
    iifdaxy.dll 2007-11-11 16:46 36352 C:\WINDOWS\system32\iifdaxy.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys
    S0 yqpwyiaq;yqpwyiaq;C:\WINDOWS\system32\drivers\wowtymcy.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-15 19:35:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-15 19:36:42
    C:\ComboFix2.txt ... 2007-11-14 12:03
    C:\ComboFix3.txt ... 2007-11-12 19:41
    .
    --- E O F ---