Onlinevirus.scanner.com

Tags:
  • Internet Explorer
  • Security
28 December 2008 15:57:46

Hello,
I need help: for some time now, every time I open Explorer, this window opens:
onlinevirus.scanner.com/2009/1/fr/freescan.php?id=7705221702 02
Also, Explorer is really slow. I would like help as soon as possible, so that I can fix the problem before it gets worse!
Thanks in advance

28 December 2008 15:59:38

Here is what HijackThis gives:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:56, on 22/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXQhFYq.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [usgce] c:\users\kèkè\appdata\local\usgce.exe usgce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kèkè\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KKCD19~1\AppData\Local\Temp\mlJBQKDV.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KKCD19~1\AppData\Local\Temp\rqRLbyxy.dll,c
O4 - HKCU\..\Run: [b84b9d05] rundll32.exe "C:\Users\KKCD19~1\AppData\Local\Temp\mjnviwgw.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: redflag.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9723 bytes

28 December 2008 19:45:05

Hello,

! Disable your resident protection (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    28 December 2008 23:06:55

    ComboFix 08-12-21.04 - Admin 2008-12-28 22:35:15.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1982.1077 [GMT 1:00]
    Lancé depuis: c:\users\Admin\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Admin\AppData\Local\Temp\iIBSliIA.dll
    c:\users\Admin\AppData\Local\Temp\todagbve.dll
    c:\users\Kèkè\AppData\Local\usgce.dat
    c:\users\Kèkè\AppData\Local\usgce_nav.dat
    c:\users\Kèkè\AppData\Local\usgce_navps.dat
    c:\windows\system32\cbXQhFYq.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-28 22:28 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Searches
    2008-12-28 22:28 . 2008-12-28 22:28 <REP> d-------- c:\users\Admin\AppData\Roaming\Roxio
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Videos
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Saved Games
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Pictures
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Music
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Links
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Downloads
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Documents
    2008-12-28 22:27 . 2008-12-28 22:27 <REP> dr------- c:\users\Admin\Contacts
    2008-12-28 22:27 . 2008-12-28 22:27 <REP> d-------- c:\users\Admin\AppData\Roaming\PC Suite
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> d--h----- c:\users\Admin\AppData
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> d-------- c:\users\Admin
    2008-12-25 17:33 . 2008-12-25 17:34 299,186,620 --a------ c:\windows\MEMORY.DMP
    2008-12-24 17:09 . 2008-12-25 22:38 <REP> d-------- C:\Nintendo DS
    2008-12-22 20:50 . 2008-12-22 20:50 <REP> d-------- c:\program files\Trend Micro
    2008-12-20 17:18 . 2008-12-20 17:18 <REP> d-------- C:\VundoFix Backups
    2008-12-18 20:53 . 2008-12-18 21:21 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-12-18 06:51 . 2008-12-18 06:49 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-12-16 20:21 . 2008-12-16 20:21 3 --a------ c:\windows\sbacknt.bin
    2008-12-16 20:18 . 2008-12-23 15:43 <REP> d-------- c:\users\Kèkè\AppData\Roaming\vghd
    2008-12-16 20:18 . 2008-12-16 20:18 152,904 --a------ c:\windows\System32\vghd.scr
    2008-12-15 19:25 . 2008-12-18 23:11 <REP> d-------- c:\users\Kèkè\Red Flag
    2008-12-15 19:25 . 2008-12-18 23:11 <REP> d-------- c:\users\Kèkè\Red Flag
    2008-12-10 07:04 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-09 21:25 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-09 21:25 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-09 21:25 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-09 21:23 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-09 21:23 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-09 21:22 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-09 21:22 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-09 21:22 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-06 23:23 . 2008-12-06 23:23 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2008-12-06 18:01 . 2008-12-06 23:23 <REP> d-------- c:\users\Kèkè\AppData\Roaming\PC Suite
    2008-12-06 12:33 . 2008-12-06 12:33 <REP> d-------- c:\program files\Common Files\PCSuite
    2008-12-06 12:33 . 2008-12-06 12:33 <REP> d-------- c:\program files\Common Files\Nokia
    2008-12-06 12:31 . 2008-12-06 12:31 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-06 12:31 . 2008-12-06 12:31 1,409 --a------ c:\windows\QTFont.for
    2008-12-06 12:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
    2008-12-06 12:04 . 2008-12-06 12:30 <REP> d----c--- c:\windows\System32\DRVSTORE
    2008-12-06 12:04 . 2008-12-06 12:04 <REP> d-------- c:\program files\DIFX
    2008-12-06 11:58 . 2008-05-07 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
    2008-12-05 17:00 . 2008-12-06 12:32 <REP> d-------- c:\program files\Nokia
    2008-12-05 16:31 . 2008-12-05 16:31 <REP> d--hs---- c:\windows\ftpcache
    2008-12-04 20:48 . 2008-12-06 12:29 <REP> d-------- c:\program files\PC Connectivity Solution
    2008-12-04 19:47 . 2008-12-06 23:23 <REP> d-------- c:\users\All Users\PC Suite
    2008-12-04 19:47 . 2008-12-06 23:23 <REP> d-------- c:\programdata\PC Suite
    2008-12-04 19:39 . 2008-12-09 22:05 <REP> d-------- c:\users\Kèkè\AppData\Roaming\Nokia
    2008-12-04 17:54 . 2008-12-06 11:52 <REP> d-------- c:\users\All Users\Installations
    2008-12-04 17:54 . 2008-12-06 11:52 <REP> d-------- c:\programdata\Installations

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-28 21:45 587,896,096 ----a-w c:\windows\system32\drivers\fidbox.dat
    2008-12-28 21:34 4,194,304 --sha-w c:\users\Kèkè\ntuser.dat
    2008-12-28 21:34 4,194,304 --sha-w c:\users\Kèkè\ntuser.dat
    2008-12-28 21:34 1,048,576 --sha-w c:\users\Invité\ntuser.dat
    2008-12-28 21:34 1,048,576 --sha-w c:\users\Invité\ntuser.dat
    2008-12-28 21:28 --------- d-----w c:\programdata\Kaspersky Lab
    2008-12-28 21:16 7,864,964 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-23 14:43 --------- d-----w c:\users\Kèkè\AppData\Roaming\vghd
    2008-12-20 18:14 --------- d-----w c:\programdata\Microsoft Help
    2008-12-18 08:00 27,744 ----a-w c:\users\Kèkè\AppData\Roaming\nvModes.dat
    2008-12-18 05:49 --------- d-----w c:\program files\Java
    2008-12-10 06:13 --------- d-----w c:\program files\Windows Mail
    2008-12-09 21:05 --------- d-----w c:\users\Kèkè\AppData\Roaming\Nokia
    2008-12-06 22:23 --------- d-----w c:\users\Kèkè\AppData\Roaming\PC Suite
    2008-12-03 21:20 508,621,600 ----a-w c:\windows\system32\drivers\fidbox(157).dat
    2008-12-02 22:25 6,787,700 --sha-w c:\windows\system32\drivers\fidbox(158).idx
    2008-11-10 13:52 --------- d-----w c:\program files\Dictionnaire
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
    2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
    2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
    2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
    2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
    2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
    2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
    2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
    2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
    2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
    2008-10-01 06:11 174 --sha-w c:\program files\desktop.ini
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-30 14:16 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-09-30 14:16 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-03-18 17:28 350,208 ----a-w c:\users\Kèkè\d3drm.dll
    2008-03-18 17:28 350,208 ----a-w c:\users\Kèkè\d3drm.dll
    2008-03-11 07:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-11 07:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-11 07:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-09-13 09:34 152,861,216 --sha-w c:\windows\System32\drivers\fidbox(105).dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-23 282624]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
    "hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\users\KŠkŠ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    redflag.exe [2002-08-16 73728]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-06-22 2641920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll,c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E4551E85-73A1-4EBB-87B8-A2906EC7B62E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{F592DB98-E819-477D-B3B3-F233AC4D45D0}"= Profile=Public|c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{8BD97A30-ACA7-4000-B0EA-C54232997CB6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{65741EF7-71DA-4A9E-A355-A90E0D74C21F}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{D4753DCD-0342-4F13-853A-108F35E505A2}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{99F4D3EE-121E-4FCF-9019-B2AC93D4D36F}"= Disabled:TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{2949A396-AC48-48F8-9319-98B8CD8A20DF}"= Profile=Public|c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{63ABB6A0-B214-4507-ADAC-944E770C2324}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EB9BF92F-9DAE-40AE-A521-8CD9C6F2BFB0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FEDD41E3-1696-4285-B6E8-698CE18E81DA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BCD1C88F-B350-4BC4-AEA9-E7ABB411E013}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{84BA526F-9D9B-45F0-ACD5-AFDEB4B4AABC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B5116CB3-407A-4D8C-9C65-250A2A496924}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A609B24A-4E9A-4941-8AF5-4C5B59EBAAE3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{202FB1EE-255A-4EEB-AF6D-593E5DA6BD22}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E30AFFC4-7FFC-4F3B-9A20-AE613C40BB01}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DA1682EE-1DD1-4D11-BC57-694B8C876466}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0E00851D-8E95-4B05-8C6E-0EE8488072BB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1EBFF7BD-E911-4BF2-8C46-5E44F3882F64}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5B4EDE28-158A-44DD-9EE8-44A6ACFB469D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{4E151972-10D2-4CEE-B0C6-5BBC2EDA49AD}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{FD09EFE7-79D2-4C6C-BB56-9F54CAA110C7}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{A9653096-7089-4AC9-B38E-DC6D2D3AAFA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{92F6CDE7-84DD-4963-8D14-71BA724C656C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6276FEE5-C91C-4A95-9793-887AA3C106CF}"= Disabled:c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{1B6D8491-E390-4B8D-ADB0-377CAB2CA74E}"= Disabled:c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "TCP Query User{5D213020-0A1F-4CC7-B425-048F8D581C1B}d:\\setup.exe"= UDP:D :\setup.exe:p rogramme d'installation de Kaspersky Internet Security 7.0
    "UDP Query User{F6715B9C-546E-452B-8CC4-FDC967A37CAE}d:\\setup.exe"= TCP:D :\setup.exe:p rogramme d'installation de Kaspersky Internet Security 7.0
    "TCP Query User{33C0EAB7-8C63-400D-B9AD-642E532CB2B2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
    "UDP Query User{916829AA-ED77-4157-B190-5C0546AE90F0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
    R2 BBDemon;Backbone Service;"c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service [2006-04-29 49152]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
    R3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
    S3 LUMDriver;LUMDriver;\??\c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-28 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\users\K []

    2008-12-28 c:\windows\Tasks\pemvxwtn.job
    - c:\windows\system32\rundll32.exe [2006-11-02 10:45]

    2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{728C3EFA-4DB7-468C-A7FE-0B1C2E4CAA11}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

    2007-12-22 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-28 22:47:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(3764)
    c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
    c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
    c:\windows\system32\NSI.dll

    - - - - - - - > 'lsass.exe'(688)
    c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
    c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
    c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
    .
    Heure de fin: 2008-12-28 23:00:34
    ComboFix-quarantined-files.txt 2008-12-28 22:00:28

    Avant-CF: 41 440 083 968 octets libres
    Après-CF: 41,026,105,344 octets libres

    236 --- E O F --- 2008-12-20 18:17:13


    Thanks
    29 December 2008 14:43:46

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    30 December 2008 00:39:40

    Good evening,
    I did use Malwarebytes' and, after restarting, at logon I get a RunDLL error message:
    Erreur de chargement de
    C:\Users\KKCD19~1\AppData\Local\Temp\IJAsqolMD.dll
    Le module spécifié est introuvable.



    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1456
    Windows 6.0.6001 Service Pack 1

    30/12/2008 00:26:46
    mbam-log-2008-12-30 (00-26-25).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 235188
    Temps écoulé: 58 minute(s), 5 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 30

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\Windows\System32\cbXQhFYq.dll.vir (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\awttqppM.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\efcYSjjk.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\fccbXnMf.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\iifcBssp.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\khfCuVll.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\lJAsqoMD.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\ljJARhEw.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\opnnmJdd.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\pmnoPiJy.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\rqRIbxus.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp0000ca6f (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp0000df17 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp0000e86a (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00010d77 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00010f2c (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00011e97 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00017953 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00017c8e (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00020924 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00026e7b (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00028323 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00038bda (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00046cf5 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp000491b3 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp000b9d28 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tmp00780475 (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tULCvULf.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\tuvWpOEv.dll (Trojan.Vundo) -> No action taken.
    C:\Users\Kèkè\AppData\Local\Temp\urqNGxWN.dll (Trojan.Vundo) -> No action taken.

    Thanks
    30 December 2008 13:08:07

    Did you actually remove the infections with MBAM? Post a new HijackThis report.
    30 December 2008 14:16:31

    Yesterday I installed Firefox.
    And right after the MBAM scan I got a popup for an online antivirus.
    I think there must still be an infection, even though today I have had nothing more apart from the error message when Windows starts.

    Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:56, on 22/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\unsecapp.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXQhFYq.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [usgce] c:\users\kèkè\appdata\local\usgce.exe usgce
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Kèkè\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KKCD19~1\AppData\Local\Temp\mlJBQKDV.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KKCD19~1\AppData\Local\Temp\rqRLbyxy.dll,c
    O4 - HKCU\..\Run: [b84b9d05] rundll32.exe "C:\Users\KKCD19~1\AppData\Local\Temp\mjnviwgw.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: redflag.exe
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9723 bytes
    30 December 2008 19:09:05

    Run another MBAM scan; I'm not sure you removed the infections.
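
Added example, not part of the original thread: a small Python triage of an MBAM 1.x text log that lists every detection whose action is anything other than "Quarantined and deleted successfully" and checks the listed entries against the summary counts. The sample log is constructed from lines of the two MBAM logs in this thread with the summary counts adjusted; the function names and result keys are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the two MBAM 1.31 logs posted in this
# thread (French locale), shortened, with summary counts edited to match.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.31
Temps écoulé: 58 minute(s), 5 second(s)

Clé(s) du Registre infectée(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Kèkè\AppData\Local\Temp\rqRIbxus.dll (Trojan.Vundo) -> No action taken.
C:\Users\Kèkè\AppData\Local\Temp\tmp0000ca6f (Trojan.Vundo) -> No action taken.
C:\Users\Kèkè\AppData\Local\Temp\gtqlmmyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "Section(s): 13" is a summary count; "Section(s):" alone opens a detail list.
HEADER = re.compile(r"^(?P<section>.+\(s\)):\s*(?P<count>\d+)?$")
# "<item> (<detection name>) -> <action>."
ENTRY = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (declared summary counts per section, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if m.group("count") is not None:
                declared[m.group("section")] = int(m.group("count"))
            else:
                section = m.group("section")
            continue
        m = ENTRY.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def triage(text):
    """Summarise which detections were not removed and whether the log is complete."""
    declared, entries = parse_mbam_log(text)
    # Any action other than a confirmed removal (e.g. "No action taken") is unresolved.
    unresolved = [e for e in entries if e["action"] != REMOVED]
    listed = Counter(e["section"] for e in entries)
    # A section listing fewer or more entries than its summary count points to
    # a truncated or edited log.
    mismatched = sorted(s for s, n in declared.items() if listed.get(s, 0) != n)
    return {
        "total": len(entries),
        "unresolved": unresolved,
        "by_detection": dict(Counter(e["detection"] for e in unresolved)),
        "mismatched_sections": mismatched,
        "all_removed": not unresolved and not mismatched,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['unresolved'])} of {report['total']} detections not removed")
    for e in report["unresolved"]:
        print(f"  [{e['detection']}] {e['item']} -> {e['action']}")
    print("summary mismatch in:", report["mismatched_sections"] or "none")
```

`all_removed` only says that every listed detection was removed and the log is internally consistent; it says nothing about items the scanner did not detect.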
    30 December 2008 20:22:40

    I updated MBAM and ran a scan; I think it should be fine now.

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1578
    Windows 6.0.6001 Service Pack 1

    30/12/2008 20:20:00
    mbam-log-2008-12-30 (20-20-00).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 237840
    Temps écoulé: 56 minute(s), 26 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Temp\iIBSliIA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Users\Admin\AppData\Local\Temp\todagbve.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV8YD3TR\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\gtqlmmyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\iifgDWPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\meaksrkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\nnnkIcya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\nnnLBqPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\rqRLbyxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\tuVpQGxY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\viqjaowd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Kèkè\AppData\Local\Temp\wnsrelcv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    30 December 2008 20:24:27

    Here is the latest HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:26, on 30/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/curre...
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7587 bytes
    31 December 2008 16:27:37

    Run another ComboFix scan, we're finishing up.
    31 December 2008 18:08:41

    Have a good New Year's Eve.

    ComboFix 08-12-21.04 - Admin 2008-12-31 17:44:09.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.1982.1147 [GMT 1:00]
    Lancé depuis: c:\users\Admin\Desktop\ComboFix.exe
    .
    - Mode FONCTIONNALITES REDUITES -
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\users\All Users\Malwarebytes
    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\users\Admin\AppData\Roaming\Malwarebytes
    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\programdata\Malwarebytes
    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-29 23:27 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-12-29 23:27 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-12-29 12:39 . 2008-12-29 12:39 <REP> d-------- c:\users\Kèkè\AppData\Roaming\Mozilla
    2008-12-29 12:38 . 2008-12-29 12:38 0 --a------ c:\windows\nsreg.dat
    2008-12-28 22:28 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Searches
    2008-12-28 22:28 . 2008-12-28 22:28 <REP> d-------- c:\users\Admin\AppData\Roaming\Roxio
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Videos
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Saved Games
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Pictures
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Music
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Links
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Downloads
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> dr------- c:\users\Admin\Documents
    2008-12-28 22:27 . 2008-12-28 22:27 <REP> dr------- c:\users\Admin\Contacts
    2008-12-28 22:27 . 2008-12-28 22:27 <REP> d-------- c:\users\Admin\AppData\Roaming\PC Suite
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> d--h----- c:\users\Admin\AppData
    2008-12-28 22:27 . 2008-12-28 22:28 <REP> d-------- c:\users\Admin
    2008-12-24 17:09 . 2008-12-30 22:32 <REP> d-------- C:\Nintendo DS
    2008-12-22 20:50 . 2008-12-22 20:50 <REP> d-------- c:\program files\Trend Micro
    2008-12-20 17:18 . 2008-12-20 17:18 <REP> d-------- C:\VundoFix Backups
    2008-12-18 20:53 . 2008-12-18 21:21 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-12-18 06:51 . 2008-12-18 06:49 410,984 --a------ c:\windows\System32\deploytk.dll
    2008-12-16 20:21 . 2008-12-16 20:21 3 --a------ c:\windows\sbacknt.bin
    2008-12-16 20:18 . 2008-12-23 15:43 <REP> d-------- c:\users\Kèkè\AppData\Roaming\vghd
    2008-12-16 20:18 . 2008-12-16 20:18 152,904 --a------ c:\windows\System32\vghd.scr
    2008-12-15 19:25 . 2008-12-18 23:11 <REP> d-------- c:\users\Kèkè\Red Flag
    2008-12-15 19:25 . 2008-12-18 23:11 <REP> d-------- c:\users\Kèkè\Red Flag
    2008-12-10 07:04 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-09 21:25 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2008-12-09 21:25 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
    2008-12-09 21:25 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2008-12-09 21:23 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-09 21:23 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-09 21:22 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2008-12-09 21:22 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2008-12-09 21:22 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
    2008-12-06 23:23 . 2008-12-06 23:23 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2008-12-06 18:01 . 2008-12-06 23:23 <REP> d-------- c:\users\Kèkè\AppData\Roaming\PC Suite
    2008-12-06 12:33 . 2008-12-06 12:33 <REP> d-------- c:\program files\Common Files\PCSuite
    2008-12-06 12:33 . 2008-12-06 12:33 <REP> d-------- c:\program files\Common Files\Nokia
    2008-12-06 12:31 . 2008-12-06 12:31 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-06 12:31 . 2008-12-06 12:31 1,409 --a------ c:\windows\QTFont.for
    2008-12-06 12:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
    2008-12-06 12:04 . 2008-12-06 12:30 <REP> d----c--- c:\windows\System32\DRVSTORE
    2008-12-06 12:04 . 2008-12-06 12:04 <REP> d-------- c:\program files\DIFX
    2008-12-06 11:58 . 2008-05-07 07:38 90,624 --a------ c:\windows\System32\nmwcdcls.dll
    2008-12-05 17:00 . 2008-12-06 12:32 <REP> d-------- c:\program files\Nokia
    2008-12-05 16:31 . 2008-12-05 16:31 <REP> d--hs---- c:\windows\ftpcache
    2008-12-04 20:48 . 2008-12-06 12:29 <REP> d-------- c:\program files\PC Connectivity Solution
    2008-12-04 19:47 . 2008-12-06 23:23 <REP> d-------- c:\users\All Users\PC Suite
    2008-12-04 19:47 . 2008-12-06 23:23 <REP> d-------- c:\programdata\PC Suite
    2008-12-04 19:39 . 2008-12-09 22:05 <REP> d-------- c:\users\Kèkè\AppData\Roaming\Nokia
    2008-12-04 17:54 . 2008-12-06 11:52 <REP> d-------- c:\users\All Users\Installations
    2008-12-04 17:54 . 2008-12-06 11:52 <REP> d-------- c:\programdata\Installations
    2008-11-25 21:40 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-25 21:40 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-25 21:40 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-25 21:40 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-25 21:40 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-22 10:57 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-22 10:57 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-22 10:57 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-22 10:57 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-22 10:53 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-22 10:53 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-22 10:53 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-22 10:49 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-22 10:49 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-12 18:05 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 18:05 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 18:05 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-10 14:52 . 2008-11-10 14:52 <REP> d-------- c:\program files\Dictionnaire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-31 16:47 594,703,904 ----a-w c:\windows\system32\drivers\fidbox.dat
    2008-12-31 16:40 4,194,304 --sha-w c:\users\Kèkè\ntuser.dat
    2008-12-31 16:40 4,194,304 --sha-w c:\users\Kèkè\ntuser.dat
    2008-12-31 09:13 --------- d-----w c:\programdata\Kaspersky Lab
    2008-12-30 21:41 7,925,540 --sha-w c:\windows\system32\drivers\fidbox.idx
    2008-12-29 21:44 27,744 ----a-w c:\users\Kèkè\AppData\Roaming\nvModes.dat
    2008-12-29 11:39 --------- d-----w c:\users\Kèkè\AppData\Roaming\Mozilla
    2008-12-28 21:34 1,048,576 --sha-w c:\users\Invité\ntuser.dat
    2008-12-28 21:34 1,048,576 --sha-w c:\users\Invité\ntuser.dat
    2008-12-23 14:43 --------- d-----w c:\users\Kèkè\AppData\Roaming\vghd
    2008-12-20 18:14 --------- d-----w c:\programdata\Microsoft Help
    2008-12-18 05:49 --------- d-----w c:\program files\Java
    2008-12-10 06:13 --------- d-----w c:\program files\Windows Mail
    2008-12-09 21:05 --------- d-----w c:\users\Kèkè\AppData\Roaming\Nokia
    2008-12-06 22:23 --------- d-----w c:\users\Kèkè\AppData\Roaming\PC Suite
    2008-12-03 21:20 508,621,600 ----a-w c:\windows\system32\drivers\fidbox(157).dat
    2008-12-02 22:25 6,787,700 --sha-w c:\windows\system32\drivers\fidbox(158).idx
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-01 06:11 174 --sha-w c:\program files\desktop.ini
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-30 14:16 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-09-30 14:16 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
    2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-03-18 17:28 350,208 ----a-w c:\users\Kèkè\d3drm.dll
    2008-03-18 17:28 350,208 ----a-w c:\users\Kèkè\d3drm.dll
    2008-03-11 07:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-11 07:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-11 07:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-09-13 09:34 152,861,216 --sha-w c:\windows\System32\drivers\fidbox(105).dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-28_22.49.09,79 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-28 21:17:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-12-31 09:12:27 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-12-28 21:17:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-12-31 09:12:27 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-12-28 21:47:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-31 09:15:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-12-31 09:15:19 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-12-28 21:47:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-12-31 09:15:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-12-28 21:40:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-12-31 09:14:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-12-28 21:40:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-31 09:14:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-12-28 21:40:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-12-31 09:14:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-12-25 21:45:21 104,940 ----a-w c:\windows\System32\perfc009.dat
    + 2008-12-31 15:26:33 104,940 ----a-w c:\windows\System32\perfc009.dat
    - 2008-12-25 21:45:21 128,004 ----a-w c:\windows\System32\perfc00C.dat
    + 2008-12-31 15:26:33 128,004 ----a-w c:\windows\System32\perfc00C.dat
    - 2008-12-25 21:45:21 595,506 ----a-w c:\windows\System32\perfh009.dat
    + 2008-12-31 15:26:33 595,506 ----a-w c:\windows\System32\perfh009.dat
    - 2008-12-25 21:45:21 678,956 ----a-w c:\windows\System32\perfh00C.dat
    + 2008-12-31 15:26:33 678,956 ----a-w c:\windows\System32\perfh00C.dat
    - 2008-12-28 21:22:39 12,312 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4250912448-1376035076-1652516170-1000_UserData.bin
    + 2008-12-31 09:16:10 12,520 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4250912448-1376035076-1652516170-1000_UserData.bin
    - 2008-12-28 21:22:39 63,972 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-12-31 09:16:09 63,972 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-12-26 21:11:54 5,236 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-12-30 18:11:57 5,236 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-12-28 21:22:27 54,596 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-12-31 09:16:05 54,784 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-12-27 16:22:36 278,624 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-12-30 18:11:27 280,040 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-23 282624]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
    "hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\users\KŠkŠ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    redflag.exe [2002-08-16 73728]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-06-22 2641920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll,c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E4551E85-73A1-4EBB-87B8-A2906EC7B62E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{F592DB98-E819-477D-B3B3-F233AC4D45D0}"= Profile=Public|c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{8BD97A30-ACA7-4000-B0EA-C54232997CB6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{65741EF7-71DA-4A9E-A355-A90E0D74C21F}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{D4753DCD-0342-4F13-853A-108F35E505A2}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{99F4D3EE-121E-4FCF-9019-B2AC93D4D36F}"= Disabled:TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{2949A396-AC48-48F8-9319-98B8CD8A20DF}"= Profile=Public|c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{63ABB6A0-B214-4507-ADAC-944E770C2324}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EB9BF92F-9DAE-40AE-A521-8CD9C6F2BFB0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FEDD41E3-1696-4285-B6E8-698CE18E81DA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BCD1C88F-B350-4BC4-AEA9-E7ABB411E013}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{84BA526F-9D9B-45F0-ACD5-AFDEB4B4AABC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B5116CB3-407A-4D8C-9C65-250A2A496924}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A609B24A-4E9A-4941-8AF5-4C5B59EBAAE3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{202FB1EE-255A-4EEB-AF6D-593E5DA6BD22}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E30AFFC4-7FFC-4F3B-9A20-AE613C40BB01}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DA1682EE-1DD1-4D11-BC57-694B8C876466}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0E00851D-8E95-4B05-8C6E-0EE8488072BB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1EBFF7BD-E911-4BF2-8C46-5E44F3882F64}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5B4EDE28-158A-44DD-9EE8-44A6ACFB469D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{4E151972-10D2-4CEE-B0C6-5BBC2EDA49AD}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{FD09EFE7-79D2-4C6C-BB56-9F54CAA110C7}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{A9653096-7089-4AC9-B38E-DC6D2D3AAFA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{92F6CDE7-84DD-4963-8D14-71BA724C656C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6276FEE5-C91C-4A95-9793-887AA3C106CF}"= Disabled:c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{1B6D8491-E390-4B8D-ADB0-377CAB2CA74E}"= Disabled:c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "TCP Query User{5D213020-0A1F-4CC7-B425-048F8D581C1B}d:\\setup.exe"= UDP:D:\setup.exe:programme d'installation de Kaspersky Internet Security 7.0
    "UDP Query User{F6715B9C-546E-452B-8CC4-FDC967A37CAE}d:\\setup.exe"= TCP:D:\setup.exe:programme d'installation de Kaspersky Internet Security 7.0
    "TCP Query User{33C0EAB7-8C63-400D-B9AD-642E532CB2B2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
    "UDP Query User{916829AA-ED77-4157-B190-5C0546AE90F0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
    R2 BBDemon;Backbone Service;"c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service [2006-04-29 49152]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
    R3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
    S3 LUMDriver;LUMDriver;\??\c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-28 c:\windows\Tasks\pemvxwtn.job
    - c:\windows\system32\rundll32.exe [2006-11-02 10:45]

    2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{728C3EFA-4DB7-468C-A7FE-0B1C2E4CAA11}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

    2007-12-22 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-31 17:46:44
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-31 18:02:37
    ComboFix-quarantined-files.txt 2008-12-31 17:02:00
    ComboFix2.txt 2008-12-28 22:00:36

    Avant-CF: 35 588 653 056 octets libres
    Après-CF: 35,562,573,824 octets libres

    271 --- E O F --- 2008-12-20 18:17:13
1 January 2009 19:22:32

Well, it's clean. Do you have any other problems?
1 January 2009 22:24:02

No, the speed is back to normal now. There are just the error messages about the missing DLLs.

Thanks

Best wishes for 2009
2 January 2009 18:08:23

Same to you.
Still the same DLL?
2 January 2009 18:45:47

Thanks

No, no more problems; I cleaned my PC with Glary Utilities. Now everything is OK. Thanks for everything.
3 January 2009 18:16:00

Happy surfing.