[Solved] Trojan horse and spyware/windows security alerts etc...


hello, I just got a new computer and now I'm infested with a Trojan horse (maybe several) as well as 2 spyware alerts (the yellow triangle and the cross on a red circle)
the suspicious program is called: Win32:Alphabet-P [Trj]
I think there are others
Avast doesn't solve any of the problems, nor do the 2 other programs I have (Ad-Aware and Spybot Search & Destroy)
I also have the round.starsdoors ad problem or something like that; apparently I'm not the only one, from what I've read browsing the forum...

I saw that I had to post a HijackThis report, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:03, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\TEMP\win1DD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6750EF42-09E0-4238-B283-20F4E1697A85} - C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\urqrpml.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwon.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1DD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: urqrpml - C:\WINDOWS\SYSTEM32\urqrpml.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5968 bytes

there you go; well, obviously, I don't understand any of it, that would be too easy ^^


Message edited by masterchaton on 01-02-2008 at 21:06:53

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

there, it's done, here are the new reports :)

vundofix:


VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 19:56:44 26/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\byxyxyx.dll
C:\WINDOWS\system32\khfffdd.dll
C:\WINDOWS\system32\qomnnmj.dll
C:\WINDOWS\system32\tuvwxuv.dll
C:\WINDOWS\system32\urqrpml.dll
C:\WINDOWS\system32\winjjq32.dll
C:\WINDOWS\system32\winjks32.dll
C:\WINDOWS\system32\winopn32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxyxyx.dll
C:\WINDOWS\system32\byxyxyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfffdd.dll
C:\WINDOWS\system32\khfffdd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnnmj.dll
C:\WINDOWS\system32\qomnnmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwxuv.dll
C:\WINDOWS\system32\tuvwxuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrpml.dll
C:\WINDOWS\system32\urqrpml.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winjjq32.dll
C:\WINDOWS\system32\winjjq32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winjks32.dll
C:\WINDOWS\system32\winjks32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winopn32.dll
C:\WINDOWS\system32\winopn32.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\urqrpml.dll
C:\WINDOWS\system32\urqrpml.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:34, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\TEMP\win1DD.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6750EF42-09E0-4238-B283-20F4E1697A85} - C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\urqrpml.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwon.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1DD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5921 bytes


Reply to masterchaton

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

Reply to Angeldark

here is the combofix report:

ComboFix 08-01-23.1C - Propriétaire 2008-01-27 20:41:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.609 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire\Bureau\Find Spyware Remover.lnk
C:\Documents and Settings\Propriétaire\Bureau\Free Online Dating.lnk
C:\Documents and Settings\Propriétaire\Bureau\Go to Casino.lnk
C:\Program Files\Helper
C:\Program Files\Helper\Helper10.dll
C:\Program Files\lsass.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\smss.exe
C:\Program Files\spoolsv.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Downloaded Program Files\UGA6PV_0001_N122M2910NetInstaller.exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\lsass.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\urqrpml.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
2008-01-25 21:18 . 2008-01-25 21:18 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\AntivirusFiable
2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-25 21:18 . 2008-01-25 21:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-25 21:15 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\uwcee9
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-25 21:14 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\aee1
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\gTiis19
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\cXzz9
2008-01-25 21:14 . 2008-01-27 20:42 <REP> d-------- C:\Temp
2008-01-25 21:14 . 2008-01-25 21:14 224,758 --a------ C:\Temp\hKKsb1910.exe
2008-01-25 21:14 . 2008-01-25 21:14 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-01-25 20:31 . 2008-01-27 20:43 <REP> d-------- C:\Program Files\Wanadoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-18 15:02 . 2008-01-18 15:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2008-01-18 17:11 --------- d-----w C:\Program Files\S3
2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2008-01-18 14:02 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-25 21:18 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys [2008-01-18 18:32]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 20:43:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\drvwon.dll
.
Temps d'accomplissement: 2008-01-27 20:45:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 19:44:41
.
2008-01-26 19:19:01 --- E O F ---

Reply to masterchaton

ah, look, I restarted Avast and the infected-file alerts no longer appear...
the windows alerts and spyware ones are still there though...
that's encouraging ^^ thanks!


Message edited by masterchaton on 27-01-2008 at 20:56:23
Reply to masterchaton

Let's continue :)

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (Right-click/Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations.
In that case, simply restart the computer manually.


Post the report located in the MSNFix folder.
The report's name corresponds to the time it was created: date_time.log

Reply to Angeldark


C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix
Fix exécuté le 28/01/2008 - 20:14:55,54 By Propriétaire
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\
... C:\Program Files\Dot1XCfg\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

/!\ ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\
.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Temp\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28012008_20154296.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Reply to masterchaton

Run a Combofix scan again.

Reply to Angeldark

here it is:

ComboFix 08-01-23.1C - Propriétaire 2008-01-28 20:38:38.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.635 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\AntivirusFiable
2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-25 21:18 . 2008-01-25 21:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-25 21:15 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\uwcee9
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-25 21:14 . 2008-01-25 21:15 <REP> d-------- C:\WINDOWS\system32\aee1
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\gTiis19
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\cXzz9
2008-01-25 21:14 . 2008-01-27 20:42 <REP> d-------- C:\Temp
2008-01-25 21:14 . 2008-01-25 21:14 224,758 --a------ C:\Temp\hKKsb1910.exe
2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-01-25 20:31 . 2008-01-28 20:11 <REP> d-------- C:\Program Files\Wanadoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-18 15:02 . 2008-01-28 11:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 10:20 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2008-01-18 17:11 --------- d-----w C:\Program Files\S3
2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_20.44.28.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-28 18:28:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_538.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
C:\Program Files\Windows NT\hokenowC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 20:39:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...c

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-28 20:40:03
ComboFix-quarantined-files.txt 2008-01-28 19:39:42
ComboFix2.txt 2008-01-27 19:45:19
.
2008-01-26 19:19:01 --- E O F ---

Reply to masterchaton

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\g2078000.exe
C:\WINDOWS\system32\drvwon.dll
C:\WINDOWS\17PHolmes572.exe
C:\Temp\hKKsb1910.exe

Folder::
C:\Program Files\AntivirusFiable
C:\WINDOWS\system32\uwcee9
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\aee1
C:\Temp\gTiis19
C:\Temp\cXzz9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6750EF42-09E0-4238-B283-20F4E1697A85}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDisp32"=-



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

Reply to Angeldark
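Added example (not part of the thread, and not ComboFix's own logic): a small triage script that cross-references the Run-key values in a ComboFix report against its "Fichiers créés" listing, which is how an entry such as "MSDisp32" stands out in the report above. The sample input is an abridged excerpt of that report; the function names and the "modified at or after creation" heuristic are assumptions of this example and yield candidates to review, not verdicts.

```python
import re
from datetime import datetime

# Abridged excerpt of the ComboFix report posted earlier in this thread
# (section banners shortened; rows copied as posted).
SAMPLE_LOG = r"""
((((( Fichiers créés 2007-12-28 to 2008-01-28 )))))
.
2008-01-25 22:07 . 2008-01-25 22:07 15,619 --a------ C:\WINDOWS\g2078000.exe
2008-01-25 21:24 . 2008-01-25 21:24 18,944 --a------ C:\WINDOWS\system32\drvwon.dll
2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-25 21:14 . 2008-01-25 21:14 <REP> d-------- C:\Temp\cXzz9
2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
.
((((( Point de chargement Reg )))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSDisp32"="C:\WINDOWS\system32\drvwon.dll" [2008-01-25 21:24 18944]
"""

FMT = "%Y-%m-%d %H:%M"
# "created . modified size attributes path" rows of the created-files section.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<REP>|[\d,]+)\s+(\S+)\s+(.+)$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")


def parse_created(log):
    """Map lower-cased path -> (created, modified, path); directory rows are skipped."""
    files = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group(3) == "<REP>":
            continue
        created = datetime.strptime(m.group(1), FMT)
        modified = datetime.strptime(m.group(2), FMT)
        path = m.group(5).strip()
        files[path.lower()] = (created, modified, path)
    return files


def parse_autoruns(log):
    """Return (key, value name, target) for every value listed under a ...\\Run key."""
    key, entries = None, []
    for line in log.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key and key.lower().endswith(r"\currentversion\run"):
            entries.append((key, v.group(1), v.group(2)))
    return entries


def triage(log):
    """Return (fresh executables, autorun values that point at one of them).

    Heuristic (assumption of this example): a file copied by an installer keeps
    its older modification time, while a file first written on this disk has
    modified >= created.
    """
    files = parse_created(log)
    fresh = {p: rec for p, rec in files.items()
             if p.endswith(EXECUTABLE_EXT) and rec[1] >= rec[0]}
    findings = []
    for key, name, target in parse_autoruns(log):
        rec = fresh.get(target.lower())
        if rec:
            findings.append({"key": key, "value": name, "path": rec[2],
                             "created": rec[0].strftime(FMT)})
    return sorted(rec[2] for rec in fresh.values()), findings


if __name__ == "__main__":
    fresh_paths, findings = triage(SAMPLE_LOG)
    print("Recently written executables:", *fresh_paths, sep="\n  ")
    for f in findings:
        print(f'Autorun "{f["value"]}" under {f["key"]} -> {f["path"]} '
              f'(created {f["created"]})')
```
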

There, it's done; the ComboFix report:

ComboFix 08-01-23.1C - Propriétaire 2008-01-29 13:14:49.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\Temp\hKKsb1910.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\g2078000.exe
C:\WINDOWS\system32\drvwon.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntivirusFiable
C:\Program Files\AntivirusFiable\Activate.exe
C:\Program Files\AntivirusFiable\al.dat
C:\Program Files\AntivirusFiable\Config\pgs.xml
C:\Program Files\AntivirusFiable\Dat\BkSites.dat
C:\Program Files\AntivirusFiable\Dat\cd.dat
C:\Program Files\AntivirusFiable\Dat\incmp.dat
C:\Program Files\AntivirusFiable\Dat\index.dat
C:\Program Files\AntivirusFiable\dhlp.dll
C:\Program Files\AntivirusFiable\Engines\plugins\BORLNDMM.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANADWR.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANBCDR.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANDLDR.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANDOS1.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANEMUL.DLL
C:\Program Files\AntivirusFiable\Engines\plugins\SCANFUNC.DLL
C:\Program Files\AntivirusFiable\Graphics\cross.gif
C:\Program Files\AntivirusFiable\Graphics\ga6p.gif
C:\Program Files\AntivirusFiable\Graphics\main.ico
C:\Program Files\AntivirusFiable\Graphics\mini.ico
C:\Program Files\AntivirusFiable\Graphics\support.ico
C:\Program Files\AntivirusFiable\Graphics\uninstall.ico
C:\Program Files\AntivirusFiable\LA\License.rtf
C:\Program Files\AntivirusFiable\pgs.exe
C:\Program Files\AntivirusFiable\ptask.exe
C:\Program Files\AntivirusFiable\reload.exe
C:\Program Files\AntivirusFiable\scnkrnl.dll
C:\Program Files\AntivirusFiable\sqlite3.dll
C:\Program Files\AntivirusFiable\Tools\pblock.dll
C:\Program Files\AntivirusFiable\Tools\sbiebho.dll
C:\Program Files\AntivirusFiable\unins000.dat
C:\Program Files\AntivirusFiable\unins000.exe
C:\Program Files\AntivirusFiable\Up\gup.exe
C:\Temp\cXzz9
C:\Temp\gTiis19
C:\Temp\gTiis19\lTig.log
C:\Temp\hKKsb1910.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\g2078000.exe
C:\WINDOWS\system32\aee1
C:\WINDOWS\system32\drvwon.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\uwcee9
C:\WINDOWS\system32\uwcee9\renamd83122.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 20:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 19:56 . 2008-01-26 20:09 <REP> d-------- C:\VundoFix Backups
2008-01-26 13:25 . 2008-01-26 13:25 <REP> d-------- C:\Program Files\Trend Micro
2008-01-25 21:48 . 2008-01-25 21:48 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-25 21:30 . 2008-01-25 21:30 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-25 21:29 . 2008-01-26 20:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-25 21:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-25 21:18 . 2008-01-25 21:19 <REP> d-------- C:\Program Files\Fichiers communs\AntivirusFiable
2008-01-25 21:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-25 21:14 . 2008-01-29 13:15 <REP> d-------- C:\Temp
2008-01-25 20:32 . 2008-01-25 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-01-25 20:32 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-01-25 20:32 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-01-25 20:32 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-01-25 20:32 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-01-25 20:32 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-01-25 20:31 . 2008-01-29 13:10 <REP> d-------- C:\Program Files\Wanadoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Securitoo
2008-01-25 20:26 . 2008-01-25 20:26 <REP> d-------- C:\Program Files\Inventel
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-25 20:13 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-25 20:13 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-25 20:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-18 21:20 . 2008-01-18 21:20 <REP> d-------- C:\Program Files\Nero
2008-01-18 21:20 . 2008-01-18 21:23 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-18 15:02 . 2008-01-28 11:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-18 14:57 . 2008-01-18 14:57 <REP> d-------- C:\Program Files\Alwil Software
2008-01-18 14:57 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-18 14:57 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-18 14:57 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-18 14:57 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-18 14:57 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-18 14:57 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-18 14:57 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-18 14:57 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-18 14:57 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-18 14:57 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Lavasoft
2008-01-18 14:51 . 2008-01-18 14:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 14:43 . 2008-01-18 14:43 <REP> d-------- C:\WINDOWS\system32\Lang
2008-01-18 14:43 . 2008-01-18 14:43 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-01-18 14:43 . 2008-01-18 14:43 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-01-18 14:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-18 14:35 . 2008-01-18 14:35 <REP> d-------- C:\WINDOWS\system32\RTCOM
2008-01-18 14:34 . 2008-01-18 14:34 <REP> d-------- C:\Program Files\Realtek
2008-01-18 14:33 . 2007-01-16 09:54 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-01-18 14:33 . 2008-01-18 14:33 315,392 --a------ C:\WINDOWS\HideWin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 10:20 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-01-18 17:51 --------- d-----w C:\Program Files\My Company Name
2008-01-18 17:45 --------- d-----w C:\Program Files\ASUS
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2008-01-18 17:44 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2008-01-18 17:11 --------- d-----w C:\Program Files\S3
2008-01-18 17:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-18 17:09 --------- d-----w C:\Program Files\VIA
2008-01-18 17:07 --------- d-----w C:\Program Files\DIFX
2008-01-18 17:04 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-18 17:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 16:58 --------- d-----w C:\Program Files\Services en ligne
2008-01-18 16:58 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2008-01-18 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_20.44.28.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-29 12:14:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 19:41:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-29 12:14:37 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 19:41:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-29 12:14:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 19:41:11 1,286,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-29 12:14:38 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-27 19:41:11 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-29 12:14:38 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-29 12:08:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]
R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S3 s3chipid;s3chipid;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\s3chipid.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 13:15:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-29 13:16:30
ComboFix-quarantined-files.txt 2008-01-29 12:16:11
ComboFix2.txt 2008-01-28 19:40:03
ComboFix3.txt 2008-01-27 19:45:19
.
2008-01-26 19:19:01 --- E O F ---

and here is the HijackThis:

Reply to masterchaton

Hi again,

Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the analysis has finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus

Reply to Angeldark

Scan finished! Here is the Antivir report :ange:



AntiVir PersonalEdition Classic
Report file date: mardi 29 janvier 2008 20:38

Scanning for 1084249 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: UTILISAT-5836A4

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:37:07
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 19:37:07
ANTIVIR3.VDF : 7.0.2.68 189440 Bytes 29/01/2008 19:37:07
AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 29/01/2008 19:37:07
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/01/2008 19:37:07
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 29 janvier 2008 20:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'GamerOSD.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MSNFix\28012008_20154296.zip
[0] Archive type: ZIP
--> backup/mrofinu572.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47cf80ff.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\1010[1].exe
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '47d0811b.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CA6TTVZO
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d5813b.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48128170.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\css4[2]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48128172.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\spoolsv[1].exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '480e817b.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481281d1.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\css4[2]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481281d3.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48128200.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\css4[2]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48128201.qua'!
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\VDAJ856R\smss[1].exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '48128203.qua'!
C:\Program Files\Fichiers communs\AntivirusFiable\ugac.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.271360
[INFO] The file was moved to '4800820e.qua'!
C:\QooBox\Quarantine\C\Program Files\lsass.exe.vir
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '4800825a.qua'!
C:\QooBox\Quarantine\C\Program Files\smss.exe.vir
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '48128256.qua'!
C:\QooBox\Quarantine\C\Program Files\spoolsv.exe.vir
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '480e825b.qua'!
C:\QooBox\Quarantine\C\Program Files\Helper\Helper10.dll.vir
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '480b8252.qua'!
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
[INFO] The file was moved to '47f48258.qua'!
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Agent.edq
[INFO] The file was moved to '48118256.qua'!
C:\QooBox\Quarantine\C\Temp\hKKsb1910.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agen.buy.47
[INFO] The file was moved to '47ea823d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\17PHolmes572.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47ef822b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hvj.1
[INFO] The file was moved to '47d18226.qua'!
C:\QooBox\Quarantine\C\WINDOWS\g2078000.exe.vir
[DETECTION] Is the Trojan horse TR/Dialer.ZZ
[INFO] The file was moved to '47cf8229.qua'!
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '4800826b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
[INFO] The file was moved to '48118261.qua'!
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '480e826d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drvwon.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '4815826f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cge
[INFO] The file was moved to '480f8246.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP12\A0001552.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47cf8237.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001907.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was moved to '47cf8243.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001916.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47cf8244.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP13\A0001922.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
[INFO] The file was moved to '47cf8246.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002268.dll
[DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
[INFO] The file was moved to '47cf8253.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002269.dll
[DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
[INFO] The file was moved to '47cf8254.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002271.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47cf8256.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002272.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47cf8258.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP14\A0002273.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47cf825a.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002384.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47cf825f.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002385.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hvj.1
[INFO] The file was moved to '47cf8264.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002387.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '47cf8265.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002388.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
[INFO] The file was moved to '47cf826e.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002390.exe
[DETECTION] Is the Trojan horse TR/Agent.edq
[INFO] The file was moved to '47cf8270.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002391.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '47cf8272.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002392.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[INFO] The file was moved to '47cf8274.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002395.exe
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '47cf8276.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002396.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
[INFO] The file was moved to '47cf8277.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002398.exe
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '47cf8278.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002404.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.11264.53
[INFO] The file was moved to '47cf827a.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP16\A0002467.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.PR.2
[INFO] The file was moved to '47cf827d.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002508.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.cge
[INFO] The file was moved to '47cf8281.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002510.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47cf8282.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002511.exe
[DETECTION] Is the Trojan horse TR/Dialer.ZZ
[INFO] The file was moved to '47cf8284.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP17\A0002512.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47cf8285.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP18\A0002659.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.271360
[INFO] The file was moved to '47cf828b.qua'!
C:\System Volume Information\_restore{596FF071-05B0-4A0B-A5AF-AE86D1F40DF5}\RP7\A0000383.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47cf8295.qua'!
C:\VundoFix Backups\khfffdd.dll.bad
[DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
[INFO] The file was moved to '480582d1.qua'!
C:\VundoFix Backups\qomnnmj.dll.bad
[DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
[INFO] The file was moved to '480c82d9.qua'!
C:\VundoFix Backups\winjjq32.dll.bad
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '480d82d5.qua'!
C:\VundoFix Backups\winjks32.dll.bad
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '480d82d6.qua'!
C:\VundoFix Backups\winopn32.dll.bad
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '480d82d7.qua'!


End of the scan: mardi 29 janvier 2008 20:50
Used time: 11:42 min

The scan has been done completely.

2223 Scanning directories
60298 Files were scanned
59 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
59 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
60239 Files not concerned
800 Archives were scanned
1 Warnings
0 Notes

Reply to masterchaton

Post a new HijackThis report.

Reply to Angeldark

The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:40, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4978 bytes

Reply to masterchaton

Yes!! I waited a little to see whether any other problems would come up, and it doesn't look like it... all the problems have disappeared, it works perfectly! Antivir is working fine, so all is well ^^
Thanks for everything :D :D :D :D :D :D :D :D

Reply to masterchaton

Ok ;)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)


Disable and then re-enable System Restore: see help

Now add [Résolu] (Solved) to the title. To do so:
* In your first message, click the "Editer" (Edit) button http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif
* Add the [Résolu] tag to the title
* Then click "Valider votre message" (Submit your message)

Read the guide on prevention and protection, so that you do not run into this kind of problem again, by clicking the image below:

http://www.malekal.com/fichiers/projetantimalwares/reagir_miniban.gif

Reply to Angeldark
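The cleanup steps in the post above (removing the disinfection tools' folders, then switching System Restore off and on, which on Windows XP discards all existing restore points) line up with where the AntiVir report found its detections. The following Python sketch is an added example, not part of the thread: it parses a report in that layout and sorts each detection by where the file was sitting. The sample report, its paths and its quarantine names are constructed; the category labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the AntiVir report in this thread.
# Paths are shortened and the .qua names are placeholders.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\User\Bureau\MSNFix\MSNFix\backup.zip
[0] Archive type: ZIP
--> backup/sample.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '00000001.qua'!
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AAAA\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '00000002.qua'!
C:\Program Files\Example\agent.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.271360
[INFO] The file was moved to '00000003.qua'!
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
[DETECTION] Is the Trojan horse TR/Delf.KH.12
[INFO] The file was moved to '00000004.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP16\A0000001.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GN.2
[INFO] The file was moved to '00000005.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP17\A0000002.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '00000006.qua'!
C:\VundoFix Backups\sample.dll.bad
[DETECTION] Is the Trojan horse TR/Drop.Vundo.dvo
[INFO] The file was moved to '00000007.qua'!
"""

# Ordered (lower-case path fragment, label) rules; the first match wins.
LOCATION_RULES = [
    ("\\system volume information\\_restore{", "System Restore point"),
    ("\\qoobox\\quarantine\\", "ComboFix quarantine"),
    ("\\vundofix backups\\", "VundoFix backup"),
    ("\\msnfix\\", "MSNFix backup"),
    ("\\temporary internet files\\", "browser cache"),
]
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a scanned file, e.g. C:\...
RP_RE = re.compile(r"\\RP(\d+)\\", re.IGNORECASE)  # restore point folder RPn


def classify(path):
    """Return the storage category a detected file belongs to."""
    lowered = path.lower()
    for marker, label in LOCATION_RULES:
        if marker in lowered:
            return label
    return "live file system"


def parse_report(text):
    """Turn the path / [DETECTION] / [INFO] triples into a list of findings."""
    findings, path, member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, member = line, None           # new scanned object
        elif line.startswith("-->"):
            member = line[3:].strip()           # file inside an archive
        elif line.startswith("[DETECTION]") and path:
            findings.append({"path": path, "member": member,
                             "name": line.split()[-1],
                             "location": classify(path),
                             "quarantined_as": None})
        elif line.startswith("[INFO] The file was moved to") and findings:
            moved = re.search(r"'([^']+)'", line)
            # Attach only to a detection made on the current object.
            if moved and findings[-1]["path"] == path:
                findings[-1]["quarantined_as"] = moved.group(1)
    return findings


def summarize(findings):
    """Count detections per storage category."""
    return Counter(f["location"] for f in findings)


def tainted_restore_points(findings):
    """Sorted RPn numbers of restore points that held a detected file."""
    ids = set()
    for f in findings:
        match = RP_RE.search(f["path"])
        if f["location"] == "System Restore point" and match:
            ids.add(int(match.group(1)))
    return sorted(ids)


if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for location, count in summarize(results).most_common():
        print(f"{count:3d}  {location}")
    print("restore points with detections:", tainted_restore_points(results))
```

Only the "live file system" and "browser cache" rows are files that were still in place on the running system; the other rows are copies kept by earlier cleanup tools or by System Restore.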

Here is the TCleaner report:

-->- Recherche:

C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\MSNFix\MsnFix: trouvé !
C:\Documents and Settings\Propriétaire\Mes documents\vundoFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: trouvé !
C:\Documents and Settings\Propriétaire\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Propriétaire\Mes documents\vundoFix.exe: supprimé !
C:\Documents and Settings\Propriétaire\Mes documents\HJTInstall.exe: supprimé !
C:\Documents and Settings\Propriétaire\Recent\MSNFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Reply to masterchaton

Message deleted: one topic per person!

Reply to Angeldark