Virus TR/Trash.Gen trouvé par antivir [Résolu]

salut,
fais un scan avec bitdefender:http://www.bitdefender.fr/scan_fr/scan8/ie.html

ca va pas suffir...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

ok merci de me repondre c'est gentil.
je te post le rapport dans une 15aine de minute.

ca va pas suffir=====>AH bON????

re, ecoute sur bitdefender n'a rien trouvé.
ensuite combofix voila le rapport

ComboFix 07-12-07.3 - maison 2007-12-07 21:18:42.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.211 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.

2007-12-07 11:58 . 2007-12-07 11:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 23:17 . 2007-12-06 23:17 1,678 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-06 22:15 . 2007-12-06 22:18 325 --a------ C:\WINDOWS\KillProcess.INI
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 19:22 . 2007-12-02 19:25 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 19:24 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 13:44 --------- d-----w C:\Program Files\Shareaza
2007-12-07 10:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 10:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 20:55 81,408 ----a-w C:\WINDOWS\system32\aadcaad.dll
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 06:41 17,792 ----a-w C:\WINDOWS\system32\drivers\miqvzwcl.dat
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
+ 2007-10-11 13:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
2007-10-16 21:55 81408 --a------ c:\windows\system32\aadcaad.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"M1000Mnt"="M1000Rmv.exe" []
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 21:19:34
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 21:20:01
C:\ComboFix2.txt ... 2007-12-07 12:27
C:\ComboFix3.txt ... 2007-12-07 11:37
.
--- E O F ---

alors c'est grave docteur ?

re,

Copie le texte ci-dessous :

File::
C:\WINDOWS\AU_Temp
C:\WINDOWS\report
C:\WINDOWS\KillProcess.INI
C:\WINDOWS\system32\tmp.reg
C:\windows\system32\aadcaad.dll
C:\WINDOWS\System32\1033v.exe
C:\WINDOWS\PIF

Folder::
C:\Program Files\RogueRemover FREE


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateWin"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

faut demander ca a girly====>c'est elle qui a demandé un combofix

jfk a toi je te demande aussi si tu peux m'aider je souhaite pas mieux.

re,

j´ai repondu au post 7

en matiere d´infection tout est grave...

@+

re g!rly,
voila le rapport de combofix apres manip precedente

ComboFix 07-12-07.3 - maison 2007-12-07 21:44:08.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.210 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\maison\Bureau\CFScript.txt..txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.

2007-12-07 11:58 . 2007-12-07 11:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 23:17 . 2007-12-06 23:17 1,678 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-06 22:15 . 2007-12-06 22:18 325 --a------ C:\WINDOWS\KillProcess.INI
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 19:22 . 2007-12-02 19:25 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 19:24 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 13:44 --------- d-----w C:\Program Files\Shareaza
2007-12-07 10:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 10:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 20:55 81,408 ----a-w C:\WINDOWS\system32\aadcaad.dll
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 06:41 17,792 ----a-w C:\WINDOWS\system32\drivers\miqvzwcl.dat
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
+ 2007-10-11 13:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
2007-10-16 21:55 81408 --a------ c:\windows\system32\aadcaad.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"M1000Mnt"="M1000Rmv.exe" []
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 21:44:41
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 21:45:05
C:\ComboFix2.txt ... 2007-12-07 21:20
C:\ComboFix3.txt ... 2007-12-07 12:27
.
--- E O F ---
et voila le rapport de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:59, on 07/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

fais ce que te dit girly elle est mieux placé que moi
je suivrai le post quand meme

ok merci a vous deux

re,

post le combofix2.txt

dsl je n'ai pas compris ?

tu as posté le meme rapport de combofix qu´au debut
alors regarde dans le dossier il doit avoir un autre rapport combofix2.txt

j'ai regardé il n'ya que celui la c'est le meme les deux que j'ai.

supprrime tout les rapports qu´il y a dans le fichier combofix et recommence

Copie le texte ci-dessous :

File::
C:\WINDOWS\AU_Temp
C:\WINDOWS\report
C:\WINDOWS\KillProcess.INI
C:\WINDOWS\system32\tmp.reg
C:\windows\system32\aadcaad.dll
C:\WINDOWS\System32\1033v.exe
C:\WINDOWS\PIF

Folder::
C:\Program Files\RogueRemover FREE


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateWin"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

ComboFix 07-12-07.3 - maison 2007-12-07 22:31:51.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.137 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\maison\Bureau\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.

2007-12-07 22:24 . 2007-12-07 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 22:11 . 2007-12-07 22:11 <REP> d-------- C:\Program Files\Panda Security
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 23:17 . 2007-12-06 23:17 1,678 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-06 22:15 . 2007-12-06 22:18 325 --a------ C:\WINDOWS\KillProcess.INI
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 19:22 . 2007-12-02 19:25 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 21:24 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 21:24 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 19:24 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 13:44 --------- d-----w C:\Program Files\Shareaza
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 20:55 81,408 ----a-w C:\WINDOWS\system32\aadcaad.dll
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 06:41 17,792 ----a-w C:\WINDOWS\system32\drivers\miqvzwcl.dat
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-09-11 12:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
+ 2007-09-11 12:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
+ 2007-09-11 12:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
+ 2007-09-11 12:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
+ 2007-10-11 13:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
2007-10-16 21:55 81408 --a------ c:\windows\system32\aadcaad.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"M1000Mnt"="M1000Rmv.exe" []
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 22:33:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 22:34:10
.
--- E O F ---

et hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:08, on 07/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\1033v.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

re,

une question tu es julien 06 qui est sur l´autre topik avec jlpjlp?