Bonjour, tout comme laura68, j'ai récemment remarqué que j'avais été infecté par un virus...
C'est depuis que je suis passé à Avast que je le détecte en fait. Avant j'utilisais Nod32 et il ne m'avait rien indiqué...

Est-ce quelqu'un saurait m'aider à m'en débarrasser??

Voici le log de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 21:31:44, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\admin\Bureau\divers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\qomkjji.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {D0994E82-0703-4794-A981-16880A5AF300} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/t [...] nstall.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Playe [...] lAsst2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: qomkjji - C:\WINDOWS\SYSTEM32\qomkjji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Personne pour m'aider ?

Bonjour ,

effectivement tu es infecté

Télécharge VundoFix < ici

Double-clique VundoFix.exe pour le lancer
lorsque il se lance à nouveau , clique sur [Scan for Vundo]
à la fin du scan , clique sur [Remove Vundo]
il te demandera si tu veux supprimer les fichiers , clique sur [YES]
ton Bureau va disparaitre lors de la suppression des fichiers
ensuite , il va t'annoncer que ton PC va s'éteindre , clique [OK]
Redémarre ton PC

Copie/colle le rapport ( C:\vundofix.txt )

Il est possible que VundoFix ne puisse pas supprimer un fichier ,
dans ce cas, il se relancera au prochain redémarrage ,
il suffit de recommencer à partir de clique sur [Scan for Vundo]

-------------------------------------------------------------------

Télécharge ComboFix < ici

Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape [1] puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !

Copie / Colle le rapport généré ( C:\Combofix.txt )

Salut,

Merci pour ta réponse et désolé pour le retard de la mienne...

Voici, respectivement, mes logs de vundoFix et de ComboFix:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:49:29 12/01/2008

Listing files found while scanning....

C:\windows\system32\mllml.dll
C:\WINDOWS\system32\qomkjji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 20:00:48 12/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\qomkjji.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qomkjji.dll
C:\WINDOWS\system32\qomkjji.dll Could not be deleted.

Performing Repairs to the registry.
Done!


______________________________________________________

ComboFix 08-01-11.3 - admin 2008-01-12 20:30:07.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.94 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\vturo.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 18:49 . 2008-01-12 20:22 <REP> d-------- C:\VundoFix Backups
2008-01-12 10:13 . 2008-01-12 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 21:45 . 2008-01-08 21:45 0 --a------ C:\WINDOWS\TPTray.INI
2008-01-08 21:42 . 2008-01-08 21:42 <REP> d-------- C:\Program Files\Alwil Software
2008-01-08 21:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-08 21:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-08 21:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-08 21:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-08 21:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-08 21:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-08 21:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-08 21:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-08 21:29 . 2008-01-08 21:29 37,888 --------- C:\WINDOWS\system32\qomkjji.dll
2008-01-08 21:21 . 2008-01-08 21:21 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-08 20:56 . 2008-01-08 20:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-08 20:51 . 2008-01-08 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 20:51 . 2008-01-08 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-08 20:51 . 2008-01-08 21:29 <REP> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-01-08 09:37 . 2008-01-08 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 23:30 . 2007-12-30 23:30 <REP> d-------- C:\Documents and Settings\admin\Application Data\DivX
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iTunes
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iPod
2007-12-30 23:02 . 2007-11-29 23:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-30 23:02 . 2007-11-29 23:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-30 23:02 . 2007-11-29 23:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 13:30 . 2007-12-29 13:30 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2007-12-29 13:00 . 2007-12-29 13:00 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2007-12-29 13:00 . 2007-12-29 13:00 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2007-12-29 12:15 . 2007-12-29 12:15 268 --ah----- C:\sqmdata19.sqm
2007-12-29 12:15 . 2007-12-29 12:15 244 --ah----- C:\sqmnoopt19.sqm
2007-12-27 23:15 . 2007-12-27 23:15 268 --ah----- C:\sqmdata18.sqm
2007-12-27 23:15 . 2007-12-27 23:15 244 --ah----- C:\sqmnoopt18.sqm
2007-12-27 08:26 . 2007-12-27 08:26 268 --ah----- C:\sqmdata17.sqm
2007-12-27 08:26 . 2007-12-27 08:26 244 --ah----- C:\sqmnoopt17.sqm
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\THQ
2007-12-15 20:23 . 2007-12-15 20:23 <REP> d-------- C:\Program Files\Rapidshare Unlimited
2007-12-13 21:18 . 2008-01-03 18:05 <REP> d-------- C:\Documents and Settings\admin\Application Data\La Bataille pour la Terre du Milieu
2007-12-13 18:20 . 2007-12-13 18:20 <REP> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:31 --------- d-----w C:\Documents and Settings\admin\Application Data\Free Download Manager
2008-01-12 09:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-12 09:11 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-01-11 14:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Microgaming
2008-01-08 08:37 --------- d-----w C:\Program Files\Lavasoft
2008-01-08 08:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 13:18 --------- d-----w C:\Program Files\eMule
2008-01-05 18:38 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-01-01 10:35 --------- d-----w C:\Program Files\Azureus
2007-12-30 22:20 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:03 --------- d-----w C:\Program Files\DivX
2007-12-22 17:58 --------- d-----w C:\Program Files\SPSS Student
2007-12-20 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 17:51 --------- d-----w C:\Program Files\Rapidown
2007-12-15 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 20:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-04 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-29 22:30 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-25 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-13 16:04 --------- d-----w C:\Program Files\Élysée
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}]
2008-01-08 21:29 37888 --------- C:\WINDOWS\system32\qomkjji.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 12:19 1077329]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:38 262144]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}"= C:\WINDOWS\system32\qomkjji.dll [2008-01-08 21:29 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-08 21:21 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2006-01-05 15:31]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-12-29 13:00]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-12-29 13:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-12-29 13:30]
S1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys []
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff63df3-8199-11dc-b771-0016d48a306e}]
\Shell\Auto\command - qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9888968-fbfc-11db-b69b-0016d48a306e}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f412-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f415-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923f413-1e65-11dc-b6f0-0016d48a306e}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-07 18:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:16:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:37:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\qomkjji.dll
.
Completion time: 2008-01-12 20:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 19:40:08
.
2008-01-09 05:54:43 --- E O F ---

Re ,

Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier

Colle le dans le Bloc-Notes
Enregistre le sur ton Bureau et nomme le CFScript ( type fichier texte )
Fait glisser le fichier CFScript sur le fichier ComboFix.exe comme ceci :



Un menu va apparaitre , tape 1 puis valide
Laisse faire le scan et poste le rapport généré ( C:\ComboFix.txt )

Ok, voilà le scan:

ComboFix 08-01-11.3 - admin 2008-01-12 21:54:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\qomkjji.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qomkjji.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 18:49 . 2008-01-12 20:22 <REP> d-------- C:\VundoFix Backups
2008-01-12 10:13 . 2008-01-12 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 21:45 . 2008-01-08 21:45 0 --a------ C:\WINDOWS\TPTray.INI
2008-01-08 21:42 . 2008-01-08 21:42 <REP> d-------- C:\Program Files\Alwil Software
2008-01-08 21:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-08 21:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-08 21:42 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-08 21:42 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-08 21:42 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-08 21:42 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-08 21:42 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-08 21:42 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-08 21:21 . 2008-01-08 21:21 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-08 20:56 . 2008-01-08 20:56 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-08 20:51 . 2008-01-08 20:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 20:51 . 2008-01-08 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-08 20:51 . 2008-01-08 21:29 <REP> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-01-08 09:37 . 2008-01-08 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 23:30 . 2007-12-30 23:30 <REP> d-------- C:\Documents and Settings\admin\Application Data\DivX
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iTunes
2007-12-30 23:13 . 2007-12-30 23:13 <REP> d-------- C:\Program Files\iPod
2007-12-30 23:02 . 2007-11-29 23:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-30 23:02 . 2007-11-29 23:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-30 23:02 . 2007-11-29 23:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-29 13:30 . 2007-12-29 13:30 48,928 --a------ C:\WINDOWS\system32\drivers\Tetris.sys
2007-12-29 13:00 . 2007-12-29 13:00 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2007-12-29 13:00 . 2007-12-29 13:00 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2007-12-29 12:15 . 2007-12-29 12:15 268 --ah----- C:\sqmdata19.sqm
2007-12-29 12:15 . 2007-12-29 12:15 244 --ah----- C:\sqmnoopt19.sqm
2007-12-27 23:15 . 2007-12-27 23:15 268 --ah----- C:\sqmdata18.sqm
2007-12-27 23:15 . 2007-12-27 23:15 244 --ah----- C:\sqmnoopt18.sqm
2007-12-27 08:26 . 2007-12-27 08:26 268 --ah----- C:\sqmdata17.sqm
2007-12-27 08:26 . 2007-12-27 08:26 244 --ah----- C:\sqmnoopt17.sqm
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-12-16 12:12 . 2007-12-16 12:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\THQ
2007-12-15 20:23 . 2007-12-15 20:23 <REP> d-------- C:\Program Files\Rapidshare Unlimited
2007-12-13 21:18 . 2008-01-03 18:05 <REP> d-------- C:\Documents and Settings\admin\Application Data\La Bataille pour la Terre du Milieu
2007-12-13 18:20 . 2007-12-13 18:20 <REP> d-------- C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:31 --------- d-----w C:\Documents and Settings\admin\Application Data\Free Download Manager
2008-01-12 09:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-12 09:11 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus
2008-01-11 14:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Microgaming
2008-01-08 08:37 --------- d-----w C:\Program Files\Lavasoft
2008-01-08 08:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-06 13:18 --------- d-----w C:\Program Files\eMule
2008-01-05 18:38 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-01-01 10:35 --------- d-----w C:\Program Files\Azureus
2007-12-30 22:20 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:03 --------- d-----w C:\Program Files\DivX
2007-12-22 17:58 --------- d-----w C:\Program Files\SPSS Student
2007-12-20 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 17:51 --------- d-----w C:\Program Files\Rapidown
2007-12-15 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 20:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-04 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-04 17:12 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-13 16:04 --------- d-----w C:\Program Files\Élysée
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_20.39.55.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 19:29:48 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 20:54:33 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 19:29:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 20:54:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 19:29:48 8,040,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-12 20:54:34 8,040,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-12 19:29:49 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 20:54:34 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 19:29:49 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 20:54:34 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 19:29:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 20:54:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 12:19 1077329]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57 53248]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:38 262144]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 89541 C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

C:\Documents and Settings\admin\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-08 21:21 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2006-01-05 15:31]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-12-29 13:00]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-12-29 13:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 14:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 17:49]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2007-12-29 13:30]
S1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys []
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 20:10]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-05 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33964153-7579-11dc-b754-0016d48a306e}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff63df3-8199-11dc-b771-0016d48a306e}]
\Shell\Auto\command - qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9888968-fbfc-11db-b69b-0016d48a306e}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0571815-f955-11db-b696-0016d48a306e}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f412-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b1f415-6b50-11dc-b73f-0016d48a306e}]
\Shell\Auto\command - F:\qeyxuht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qeyxuht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923f413-1e65-11dc-b6f0-0016d48a306e}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-07 18:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 16:16:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 21:57:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-12 21:58:02
ComboFix-quarantined-files.txt 2008-01-12 20:57:48
ComboFix2.txt 2008-01-12 19:40:12
.
2008-01-09 05:54:43 --- E O F ---