Infected PC - Security - Virus
Subject: Infected PC

Profile: IDNaute

Good evening,
My computer got infected after a dubious download; the desktop displays a message telling me I am infected.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43: VIRUS ALERT!, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\vista_sp1.exe
C:\WINDOWS\explorer.exe
C:\Program Files\rhcav4j0epdn\rhcav4j0epdn.exe
C:\WINDOWS\system32\pphcev4j0epdn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\atmadm2.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Tom\Logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.p [...] Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {8663655C-F6D4-4520-859E-67008902A889} - C:\WINDOWS\kgqfweltmrg.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\Deskbar\Deskbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphcev4j0epdn] C:\WINDOWS\system32\lphcev4j0epdn.exe
O4 - HKLM\..\Run: [SMrhcav4j0epdn] C:\Program Files\rhcav4j0epdn\rhcav4j0epdn.exe
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\atmadm2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: mlJBSkhI - C:\WINDOWS\SYSTEM32\mlJBSkhI.dll
O21 - SSODL: axrfgvek - {6FC6F998-1B5C-4436-9E5C-75931602AF5E} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {2F04EF81-1D4B-4AE5-88BC-ABE3B65618D1} - C:\WINDOWS\okmdepgb.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://static.v41.skyrock.com/js/blog.js?20080411

--
End of file - 10361 bytes

Thanks for your help.
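The log above mixes a handful of rogue components (random-looking DLL names in the O2, O3, O20 and O21 classes, an O7 policy that disables Regedit, an O4 autorun launched from a Temp folder) with dozens of legitimate entries. As an added example that is not part of this thread and not HijackThis's own code, here is a Python triage script that parses HJT log lines and flags exactly those patterns; the sample lines are a subset copied from the log above, and the vowel-ratio threshold is my own heuristic.

```python
"""Triage of a HijackThis (HJT) log: flag entries in high-risk persistence classes
and entries whose file names look machine-generated."""
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {8663655C-F6D4-4520-859E-67008902A889} - C:\WINDOWS\kgqfweltmrg.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphcev4j0epdn] C:\WINDOWS\system32\lphcev4j0epdn.exe
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\atmadm2.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: mlJBSkhI - C:\WINDOWS\SYSTEM32\mlJBSkhI.dll
O21 - SSODL: axrfgvek - {6FC6F998-1B5C-4436-9E5C-75931602AF5E} - C:\WINDOWS\axrfgvek.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# "O2 - ..." / "R0 - ..." : section tag, then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# A Windows path ending in an executable-ish extension (quotes excluded so
# '"C:\...\qttask.exe" -atboottime' yields only the path).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|sys|ocx|cpl)\b', re.IGNORECASE)
VOWELS = set("aeiouy")

# Persistence classes in which the rogue in the log above planted its components.
# Legitimate entries exist here too, so they are flagged for review, not for deletion.
REVIEW_SECTIONS = {
    "O6": "Internet Explorer restriction policy present",
    "O7": "Regedit/Task Manager policy restriction",
    "O20": "Winlogon Notify DLL (loaded into winlogon.exe)",
    "O21": "ShellServiceObjectDelayLoad entry (loaded by explorer.exe)",
}


def looks_random(stem):
    """Heuristic (my own threshold) for generated names such as 'kgqfweltmrg' or
    'lphcev4j0epdn': 8+ alphanumeric characters with at most one vowel in four.
    It is a triage hint only; a short legitimate name like 'xcommsvr' can trip it,
    so pair it with a known-good list in practice."""
    if len(stem) < 8 or not stem.isalnum():
        return False
    letters = [c for c in stem.lower() if c.isalpha()]
    if not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) <= 0.25


def file_stem(path):
    """'C:\\WINDOWS\\kgqfweltmrg.dll' -> 'kgqfweltmrg'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text):
    """Return a list of (section, reason, line) for entries that deserve attention."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section in REVIEW_SECTIONS:
            reasons.append(REVIEW_SECTIONS[section])
        if section == "O2" and "(no file)" in body:
            reasons.append("orphaned BHO registration (no file on disk)")
        paths = PATH_RE.findall(body)
        if section == "O4" and any("\\temp\\" in p.lower() for p in paths):
            reasons.append("autorun launched from a Temp directory")
        for p in paths:
            if looks_random(file_stem(p)):
                reasons.append("machine-generated file name: " + file_stem(p))
                break
        for reason in reasons:
            findings.append((section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```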


Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily shown) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may differ


Profile: IDNaute

Thanks, here is the ComboFix report:

ComboFix 08-07-05.1 - Compaq_Propriétaire 2008-07-07 10:09:35.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.73 [GMT 2:00]
Endroit: K:\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Compaq_Propriétaire\Application Data\rhcav4j0epdn
C:\Documents and Settings\Compaq_Propriétaire\Application Data\shc9v4j0epdn
C:\Program Files\antiviirus.exe
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\rhcav4j0epdn
C:\Program Files\shc9v4j0epdn
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\esrp.exe
C:\WINDOWS\resources\MonStd.dll
C:\WINDOWS\system32\778670
C:\WINDOWS\system32\778670\778670.dll
C:\WINDOWS\system32\blphcev4j0epdn.scr
C:\WINDOWS\system32\IiPVCfhk.ini
C:\WINDOWS\system32\IiPVCfhk.ini2
C:\WINDOWS\system32\khfCVPiI.dll
C:\WINDOWS\system32\lphcev4j0epdn.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\phcev4j0epdn.bmp
C:\WINDOWS\system32\pphcev4j0epdn.exe
C:\WINDOWS\system32\rllgdllx.ini
C:\WINDOWS\system32\superiorads-uninst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.

2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp2.exe
2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp1.exe
2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp0.exe
2008-07-06 18:46 . 2008-07-06 18:46 89,088 --a------ C:\WINDOWS\system32\xlldgllr.dll
2008-07-06 18:39 . 2008-07-06 03:48 380,928 --a------ C:\WINDOWS\kgqfweltmrg.dll
2008-07-06 18:39 . 2008-07-06 03:48 331,776 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-06 18:39 . 2008-07-06 03:48 303,104 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-06 18:39 . 2008-07-06 03:48 188,416 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-06 18:39 . 2008-07-07 09:57 94,208 --a------ C:\WINDOWS\system32\D.tmp
2008-07-06 18:39 . 2008-07-06 03:48 90,112 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-06 18:39 . 2008-07-06 18:39 28,800 --a------ C:\WINDOWS\system32\mlJBSkhI.dll
2008-07-04 23:15 . 2008-07-04 23:15 <REP> d-------- C:\Program Files\LETMIN
2008-07-04 23:15 . 2008-07-04 23:15 <REP> d-------- C:\Program Files\Icone
2008-06-30 16:23 . 2008-06-30 16:24 <REP> d-------- C:\Program Files\Kyodai Mahjongg 2006
2008-06-29 22:28 . 2008-07-05 14:38 <REP> d-------- C:\Program Files\PokerRoom.com
2008-06-29 21:19 . 2008-07-05 14:39 <REP> d-------- C:\Program Files\M6 Jeux
2008-06-21 16:01 . 2008-07-04 17:50 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-17 10:14 . 2008-06-17 10:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 23:54 . 2004-01-08 11:38 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-14 23:28 . 2008-06-14 23:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-14 23:28 . 2008-06-14 23:28 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-14 23:28 . 2008-06-14 23:28 <REP> d-------- C:\Program Files\MSBuild
2008-06-14 23:26 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-14 23:21 . 2008-06-14 23:21 <REP> d-------- C:\Program Files\MSXML 6.0
2008-06-14 23:04 . 2008-06-14 23:45 <REP> d-------- C:\Program Files\Free Music Zilla
2008-06-14 22:47 . <REP> C:\Documents and Settings\Compaq_Propriétaire\dwhelper
2008-06-14 15:59 . 2008-06-15 10:41 <REP> d-------- C:\Program Files\BitComet
2008-06-12 07:58 . 2008-06-12 07:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-11 18:44 . 2008-06-12 08:28 <REP> d-------- C:\Program Files\ItsLabel
2008-06-11 18:39 . 2008-06-12 12:22 <REP> d-------- C:\Program Files\EoRezo
2008-06-11 18:33 . 2008-06-11 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Software rule flag owns

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 08:43 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-07 08:10 --------- d-----w C:\Program Files\GamesBar
2008-07-05 12:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-29 10:31 --------- d-----w C:\Program Files\Replay Converter
2008-06-27 20:16 --------- d-----w C:\Program Files\Odebit Multimédia
2008-06-26 12:25 --------- d-----w C:\Program Files\Guitar Pro 5
2008-06-18 15:12 --------- d-----w C:\Program Files\World of Warcraft
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:24 --------- d-----w C:\Program Files\Windows Live
2008-06-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 14:25 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-05-25 10:34 --------- d-----w C:\Program Files\TurnTool
2008-05-24 13:08 --------- d-----w C:\Program Files\Picture Pyramid
2008-05-24 13:03 --------- d-----w C:\Program Files\Zylom Games
2008-05-24 08:51 --------- d-----w C:\Program Files\Azureus
2008-05-17 17:57 --------- d-----w C:\Program Files\Logitech
2008-05-17 17:57 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-05-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-17 15:56 --------- d-----w C:\Program Files\Orbz
2008-05-11 09:53 --------- d-----w C:\Program Files\Golf Adventure Galaxy
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 10:23 192,512 ----a-w C:\WINDOWS\off-road-uninst.exe
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-03 17:42 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-26 11:49 357 ----a-w C:\Documents and Settings\Compaq_Propriétaire\.cb_layout.bin
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
2008-07-06 18:39 28800 --a------ C:\WINDOWS\system32\mlJBSkhI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8663655C-F6D4-4520-859E-67008902A889}]
2008-07-06 03:48 380928 --a------ C:\WINDOWS\kgqfweltmrg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B065849C-4727-4A1A-9057-B8AE93878493}]
2008-07-07 10:52 318208 --a------ C:\WINDOWS\system32\pmnnOHXP.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"= "C:\WINDOWS\nqgpedlr.dll" [2008-07-06 03:48 188416]

[HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= "C:\WINDOWS\system32\mlJBSkhI.dll" [2008-07-06 18:39 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {6FC6F998-1B5C-4436-9E5C-75931602AF5E} - C:\WINDOWS\axrfgvek.dll [2008-07-06 03:48 331776]
"okmdepgb"= {2F04EF81-1D4B-4AE5-88BC-ABE3B65618D1} - C:\WINDOWS\okmdepgb.dll [2008-07-06 03:48 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBSkhI]
2008-07-06 18:39 28800 C:\WINDOWS\system32\mlJBSkhI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnnOHXP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\^^^^^.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"16434:TCP"= 16434:TCP:BitComet 16434 TCP
"16434:UDP"= 16434:UDP:BitComet 16434 UDP

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 DIGIRPS;Pilote PortServer Digi;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 18:10]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76a949a4-07d4-11dd-8f6d-0013d35267ca}]
\Shell\AutoRun\command - H:\memorybar.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-07 09:00:02 C:\WINDOWS\Tasks\AB89773F919AEC97.job"
- c:\docume~1\compaq~1\applic~1\lovemo~1\RoadMfcdDog.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\Deskbar\Deskbar.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 10:48:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Aide et support.lnk 2946 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\AnmanieSMP.lnk 636 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\DivX Movies.lnk 1483 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Guitar Pro 5.lnk 627 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Microsoft Excel.lnk 2531 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Microsoft Word.lnk 2551 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Nettoyage de disque.lnk 1522 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Spybot - Search & Destroy.lnk 941 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Windows Live Messenger.lnk 739 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Windows Media Player.lnk 796 bytes
C:\Documents and Settings\Compaq_Propriétaire\Application Data\TmpRecentIcons\Wow.lnk 644 bytes

Scan terminé avec succès
Les fichiers cachés: 12

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mlJBSkhI.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\upgrepl.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-07 11:45:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 09:44:38

Pre-Run: 86,679,216,128 octets libres
Post-Run: 86,697,295,872 octets libres

248 --- E O F --- 2008-06-20 21:19:09

Profile: Helper

Re,

Copy (Ctrl+C) the text in the box below:

File::
C:\Program Files\tmp2.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp0.exe
C:\WINDOWS\system32\xlldgllr.dll
C:\WINDOWS\kgqfweltmrg.dll
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\okmdepgb.dll
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\system32\mlJBSkhI.dll
C:\WINDOWS\system32\pmnnOHXP.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Software rule flag owns
C:\Program Files\GamesBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8663655C-F6D4-4520-859E-67008902A889}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B065849C-4727-4A1A-9057-B8AE93878493}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"=-
[-HKEY_CLASSES_ROOT\clsid\{80123684-a222-4009-8220-a867294d6de8}]
[-HKEY_CLASSES_ROOT\nqgpedlr.1]
[-HKEY_CLASSES_ROOT\TypeLib\{7F62B052-BBD3-476F-A8D5-AEA51D86367A}]
[-HKEY_CLASSES_ROOT\nqgpedlr]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"=-
"okmdepgb"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBSkhI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.


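Before running a CFScript like the one above, it is worth reading back exactly what its Registry:: section asks ComboFix to do, in particular that the hex(7) value leaves msv1_0 (the standard Windows logon package) as the only LSA authentication package, since the earlier report showed pmnnOHXP registered there. As an added example that is neither the helper's nor ComboFix's code, this Python parser lists each key and value action and decodes the REGEDIT4 hex(7) (REG_MULTI_SZ) payload; the embedded script is a constructed excerpt of the one posted above.

```python
"""Preview the actions in a ComboFix CFScript: File::/Folder:: paths and the
Registry:: section in REGEDIT4 syntax ([-key] deletes a key, "name"=- deletes a
value, hex(7) sets a REG_MULTI_SZ)."""
import re

# Constructed excerpt of the CFScript posted above.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\mlJBSkhI.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80123684-A222-4009-8220-A867294D6DE8}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"=-
"okmdepgb"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # File:: / Folder:: / Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")            # [key] or [-key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')       # "name"=data


def decode_multi_sz(hex_csv):
    """Decode a REGEDIT4 hex(7) payload: single-byte strings, each NUL-terminated,
    the whole list ending in an extra NUL. '6d,73,...,00,00' -> ['msv1_0']."""
    raw = bytes(int(h, 16) for h in hex_csv.split(",") if h.strip())
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def parse_cfscript(text):
    """Return {'File': [paths], 'Folder': [paths], 'Registry': [actions]}; each
    action is a tuple: ('delete_key', key), ('delete_value', key, name),
    ('set_multi_sz', key, name, [strings]) or ('set_value', key, name, data)."""
    sections, current, current_key = {}, None, None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            current_key = None
            continue
        if current is None:
            continue
        if current != "Registry":
            sections[current].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            delete, key = m.groups()
            if delete:
                sections[current].append(("delete_key", key))
                current_key = None
            else:
                current_key = key
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, data = m.groups()
            if data == "-":
                sections[current].append(("delete_value", current_key, name))
            elif data.lower().startswith("hex(7):"):
                strings = decode_multi_sz(data[len("hex(7):"):])
                sections[current].append(("set_multi_sz", current_key, name, strings))
            else:
                sections[current].append(("set_value", current_key, name, data))
    return sections


def lsa_packages_after(actions):
    """Authentication Packages list the script will leave in place, or None if the
    script does not touch it. Anything other than ['msv1_0'] deserves a second look."""
    for a in actions:
        if (a[0] == "set_multi_sz" and a[1].lower().endswith("\\control\\lsa")
                and a[2].lower() == "authentication packages"):
            return a[3]
    return None


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for path in parsed.get("File", []):
        print("delete file:", path)
    for action in parsed.get("Registry", []):
        print(*action)
    print("LSA Authentication Packages after run:", lsa_packages_after(parsed["Registry"]))
```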
Profile: IDNaute

Here is the ComboFix report, but at no point did it ask me to press 1 or anything else; is that normal?

ComboFix 08-07-05.1 - Compaq_Propriétaire 2008-07-07 14:51:45.6 - NTFSx86
Endroit: K:\ComboFix.exe
Command switches used :: K:\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\kgqfweltmrg.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\okmdepgb.dll
C:\WINDOWS\system32\mlJBSkhI.dll
C:\WINDOWS\system32\pmnnOHXP.dll
C:\WINDOWS\system32\xlldgllr.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Software rule flag owns
C:\Documents and Settings\All Users\Application Data\Software rule flag owns\bib second.exe
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\kgqfweltmrg.dll
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\okmdepgb.dll
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\mlJBSkhI.dll
C:\WINDOWS\system32\pmnnOHXP.dll
C:\WINDOWS\system32\PXHOnnmp.ini
C:\WINDOWS\system32\PXHOnnmp.ini2
C:\WINDOWS\system32\xlldgllr.dll
C:\WINDOWS\system32\ysibknfh.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.

2008-07-07 15:04 . 2008-07-07 15:04 294 ---hs---- C:\WINDOWS\system32\ysibknfh.ini
2008-07-07 14:39 . 2008-07-07 14:40 <REP> d-------- C:\327882R2FWJFW
2008-07-07 10:58 . 2008-07-07 10:58 88,576 --a------ C:\WINDOWS\system32\hfnkbisy.dll
2008-07-04 23:15 . 2008-07-04 23:15 <REP> d-------- C:\Program Files\LETMIN
2008-07-04 23:15 . 2008-07-04 23:15 <REP> d-------- C:\Program Files\Icone
2008-06-30 16:23 . 2008-07-07 13:20 <REP> d-------- C:\Program Files\Kyodai Mahjongg 2006
2008-06-29 22:28 . 2008-07-05 14:38 <REP> d-------- C:\Program Files\PokerRoom.com
2008-06-29 21:19 . 2008-07-05 14:39 <REP> d-------- C:\Program Files\M6 Jeux
2008-06-21 16:01 . 2008-07-04 17:50 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-17 10:14 . 2008-06-17 10:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 23:54 . 2004-01-08 11:38 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-14 23:28 . 2008-06-14 23:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-14 23:28 . 2008-06-14 23:28 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-14 23:28 . 2008-06-14 23:28 <REP> d-------- C:\Program Files\MSBuild
2008-06-14 23:26 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-14 23:21 . 2008-06-14 23:21 <REP> d-------- C:\Program Files\MSXML 6.0
2008-06-14 23:04 . 2008-06-14 23:45 <REP> d-------- C:\Program Files\Free Music Zilla
2008-06-14 22:47 . <REP> C:\Documents and Settings\Compaq_Propriétaire\dwhelper
2008-06-14 15:59 . 2008-06-15 10:41 <REP> d-------- C:\Program Files\BitComet
2008-06-12 07:58 . 2008-06-12 07:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-11 18:44 . 2008-06-12 08:28 <REP> d-------- C:\Program Files\ItsLabel
2008-06-11 18:39 . 2008-06-12 12:22 <REP> d-------- C:\Program Files\EoRezo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 13:01 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-05 12:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-29 10:31 --------- d-----w C:\Program Files\Replay Converter
2008-06-27 20:16 --------- d-----w C:\Program Files\Odebit Multimédia
2008-06-26 12:25 --------- d-----w C:\Program Files\Guitar Pro 5
2008-06-18 15:12 --------- d-----w C:\Program Files\World of Warcraft
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 17:24 --------- d-----w C:\Program Files\Windows Live
2008-06-11 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 14:25 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-05-25 10:34 --------- d-----w C:\Program Files\TurnTool
2008-05-24 13:08 --------- d-----w C:\Program Files\Picture Pyramid
2008-05-24 13:03 --------- d-----w C:\Program Files\Zylom Games
2008-05-24 08:51 --------- d-----w C:\Program Files\Azureus
2008-05-17 17:57 --------- d-----w C:\Program Files\Logitech
2008-05-17 17:57 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-05-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-17 15:56 --------- d-----w C:\Program Files\Orbz
2008-05-11 09:53 --------- d-----w C:\Program Files\Golf Adventure Galaxy
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 10:23 192,512 ----a-w C:\WINDOWS\off-road-uninst.exe
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-03 17:42 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-01-26 11:49 357 ----a-w C:\Documents and Settings\Compaq_Propriétaire\.cb_layout.bin
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-07_11.06.26.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 08:45:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 13:03:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-17 20:11 155648]
"ecdc0749"="C:\WINDOWS\system32\hfnkbisy.dll" [2008-07-07 10:58 88576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-10-12 04:03 439568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\^^^^^.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"16434:TCP"= 16434:TCP:BitComet 16434 TCP
"16434:UDP"= 16434:UDP:BitComet 16434 UDP

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 DIGIRPS;Pilote PortServer Digi;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 18:10]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys []
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76a949a4-07d4-11dd-8f6d-0013d35267ca}]
\Shell\AutoRun\command - H:\memorybar.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-07 13:00:03 C:\WINDOWS\Tasks\AB89773F919AEC97.job"
- c:\docume~1\compaq~1\applic~1\lovemo~1\RoadMfcdDog.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphcev4j0epdn - C:\WINDOWS\system32\lphcev4j0epdn.exe
HKLM-Run-SMrhcav4j0epdn - C:\Program Files\rhcav4j0epdn\rhcav4j0epdn.exe
HKLM-Run-SMshc9v4j0epdn - C:\Program Files\shc9v4j0epdn\shc9v4j0epdn.exe
HKLM-Run-EoEngine - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 15:04:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\hfnkbisy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-07 15:19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 13:18:57
ComboFix2.txt 2008-07-07 09:46:08

Pre-Run: 86,661,730,304 octets libres
Post-Run: 86,637,596,672 octets libres

210 --- E O F --- 2008-06-20 21:19:09


Thanks

Profile: Helper

Try again with this script:

File::
C:\WINDOWS\system32\ysibknfh.ini
C:\WINDOWS\system32\hfnkbisy.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecdc0749"=-


Profile: IDNaute

Here is the report:

ComboFix 08-07-05.1 - Compaq_Propriétaire 2008-07-07 10:09:35.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.73 [GMT 2:00]
Endroit: K:\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Compaq_Propriétaire\Application Data\rhcav4j0epdn
C:\Documents and Settings\Compaq_Propriétaire\Application Data\shc9v4j0epdn
C:\Program Files\antiviirus.exe
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\rhcav4j0epdn
C:\Program Files\shc9v4j0epdn
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\esrp.exe
C:\WINDOWS\resources\MonStd.dll
C:\WINDOWS\system32\778670
C:\WINDOWS\system32\778670\778670.dll
C:\WINDOWS\system32\blphcev4j0epdn.scr
C:\WINDOWS\system32\IiPVCfhk.ini
C:\WINDOWS\system32\IiPVCfhk.ini2
C:\WINDOWS\system32\khfCVPiI.dll
C:\WINDOWS\system32\lphcev4j0epdn.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\phcev4j0epdn.bmp
C:\WINDOWS\system32\pphcev4j0epdn.exe
C:\WINDOWS\system32\rllgdllx.ini
C:\WINDOWS\system32\superiorads-uninst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.

2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp2.exe
2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp1.exe
2008-07-07 09:27 . 2008-07-07 09:27 10,240 --a------ C:\Program Files\tmp0.exe
2008-07-06 18:46 . 2008-07-06 18:46 89,088 --a------ C:\WINDOWS\system32\xlldgllr.dll
2008-07-06 18:39 . 2008-07-06 03:48 380,928 --a------ C:\WINDOWS\kgqfweltmrg.dll
2008-07-06 18:39 . 2008-07-06 03:48 331,776 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-06 18:39 . 2008-07-06 03:48 303,104 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-06 18:39 . 2008-07-06 03:48 188,416 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-06