
Virus alert on my taskbar

21 October 2008 09:33:22

Hello everyone,

Last night I was quietly browsing the Internet when a lot of virus alert messages popped up, offering to run scans and install antivirus software, anti-spyware, etc.

In a panic I switched off my PC, and when I went to turn it back on this morning, I noticed that a "Virus Alert" message had embedded itself in my taskbar, that several desktop icons for anti-spyware programs etc. had also appeared, and that a program called "total secure 2009" had been added to my Start menu.

What should I do? I don't dare touch the PC any more for fear of making things worse.

I use XP Pro, and I have McAfee as my antivirus (by the way, I don't know whether it is very effective...)

Thanks in advance for your help.


21 October 2008 20:18:37

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13: VIRUS ALERT!, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\pctspk.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: bkqxdons - {86135D5C-E0AB-4D8B-9205-9A3C7E5765D7} - C:\WINDOWS.0\bkqxdons.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a41e1116] rundll32.exe "C:\WINDOWS.0\system32\pvfdxygv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS.0\TEMP\E_SC3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louloutedegralhas.spaces.live.com/PhotoUpload/Ms...
O20 - AppInit_DLLs: tduucy.dll
O21 - SSODL: qnflkotm - {6C82A726-77D6-4CAC-89EF-B55A569DB019} - C:\WINDOWS.0\qnflkotm.dll
O21 - SSODL: vwnskbot - {C7E5036A-AC16-4408-BE78-EC5094498A51} - C:\WINDOWS.0\vwnskbot.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.0\system32\pctspk.exe

--
End of file - 9236 bytes


Is it serious, doctor?
21 October 2008 20:58:44

Hi again,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ

21 October 2008 22:00:35

    ComboFix 08-10-19.04 - Administrateur 2008-10-21 21:35:25.1 - NTFSx86

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Application Data\Adobe\crc.dat
    C:\Documents and Settings\Administrateur\Application Data\Adobe\Player.exe
    C:\Documents and Settings\Administrateur\Application Data\Adobe\Player.exe.bak
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\TS-2009
    C:\Program Files\TS-2009\scan.exe
    C:\Program Files\TS-2009\totalsecure.s2
    C:\Program Files\TS-2009\totalsecure.s3
    C:\Program Files\TS-2009\totalsecure.s6
    C:\Program Files\TS-2009\uninstall.exe
    C:\WINDOWS.0\erxt.exe
    C:\WINDOWS.0\k.txt
    C:\WINDOWS.0\system32\hlkhymlb.dll
    C:\WINDOWS.0\system32\jkklLfCR.dll
    C:\WINDOWS.0\system32\Oonmonpo.ini
    C:\WINDOWS.0\system32\Oonmonpo.ini2
    C:\WINDOWS.0\system32\opnomnoO.dll
    C:\WINDOWS.0\system32\pvfdxygv.dll
    C:\WINDOWS.0\system32\sysbase32.dll
    C:\WINDOWS.0\system32\tduucy.dll
    C:\WINDOWS.0\system32\urqRKCrS.dll
    C:\WINDOWS.0\system32\vgyxdfvp.ini

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://78.157.143.198
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-21 19:46 . 2008-10-21 19:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 07:55 . 2008-10-21 07:55 77,824 --a------ C:\WINDOWS.0\system32\TDSSxfum.dll
    2008-10-21 07:55 . 2008-10-21 07:55 31,232 --a------ C:\WINDOWS.0\system32\TDSSriqp.dll
    2008-10-21 07:55 . 2008-10-21 07:55 29,696 --a------ C:\WINDOWS.0\system32\TDSSbrsr.dll
    2008-10-21 07:55 . 2008-10-21 07:55 12,288 --a------ C:\WINDOWS.0\system32\TDSSrhym.dll
    2008-10-21 07:55 . 2008-10-21 21:17 3,530 --a------ C:\WINDOWS.0\system32\TDSSlxwp.dll
    2008-10-21 07:54 . 2008-10-21 07:55 61,952 --a------ C:\WINDOWS.0\system32\drivers\TDSSmqlt.sys
    2008-10-21 07:54 . 2008-10-21 07:55 36,864 --a------ C:\WINDOWS.0\system32\TDSSoiqh.dll
    2008-10-21 07:54 . 2008-10-21 07:54 164 --a------ C:\WINDOWS.0\system32\TDSSosvd.dat
    2008-10-21 07:52 . 2008-10-21 07:23 344,064 --a------ C:\WINDOWS.0\aetlsrknamo.dll
    2008-10-21 07:52 . 2008-10-21 07:23 303,104 --a------ C:\WINDOWS.0\qnflkotm.dll
    2008-10-21 07:52 . 2008-10-21 07:23 278,528 --a------ C:\WINDOWS.0\vwnskbot.dll
    2008-10-21 07:52 . 2008-10-21 07:23 217,088 --a------ C:\WINDOWS.0\bkqxdons.dll
    2008-10-21 07:52 . 2008-10-21 07:23 131,072 --a------ C:\WINDOWS.0\woprdagt.exe
    2008-10-21 07:51 . 2008-10-21 07:52 <REP> d-------- C:\Extracted
    2008-10-20 20:13 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS.0\system32\E_FLBBVE.DLL
    2008-10-20 20:13 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS.0\system32\E_FD4BBVE.DLL
    2008-10-20 20:13 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS.0\system32\E_DCINST.DLL
    2008-10-20 19:59 . 2008-10-20 19:59 <REP> d-------- C:\Program Files\EPSON
    2008-10-20 19:59 . 2008-10-20 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-10-19 19:48 . 2008-10-19 19:49 <REP> d-------- C:\WINDOWS.0\system32\NtmsData
    2008-10-15 11:36 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
    2008-10-15 11:35 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
    2008-10-15 11:35 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS.0\system32\dllcache\win32k.sys
    2008-10-11 20:19 . 2008-10-11 20:19 <REP> d-------- C:\WINDOWS.0\Sun
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Picasa2
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Google
    2008-10-11 20:13 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS.0\system32\drivers\cdralw2k.sys
    2008-10-11 20:13 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS.0\system32\drivers\cdr4_xp.sys
    2008-10-10 20:30 . 2008-10-10 20:31 <REP> d-------- C:\PPREMIER
    2008-10-10 20:30 . 1994-08-28 14:33 398,416 --------- C:\WINDOWS.0\VBRUN300.DLL
    2008-10-10 20:30 . 1993-11-19 00:00 54,272 --------- C:\WINDOWS.0\MCIWNDX.VBX
    2008-10-10 20:30 . 1994-07-15 01:10 8,854 --------- C:\WINDOWS.0\VBASM.DLL
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\drivers\usbprint.sys
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\dllcache\usbprint.sys
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Program Files\iTunes
    2008-10-04 18:05 . 2008-10-04 18:05 <REP> d-------- C:\Program Files\iPod
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\drivers\usbccgp.sys
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\dllcache\usbccgp.sys
    2008-09-29 22:13 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-29 21:48 . 2008-09-29 21:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 21:47 . 2008-09-29 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-28 22:25 . 2008-09-28 22:25 <REP> d-------- C:\WINDOWS.0\system32\windows media
    2008-09-28 22:24 . 2008-09-28 22:25 <REP> d--h----- C:\WINDOWS.0\msdownld.tmp
    2008-09-28 22:24 . 2008-09-28 22:24 <REP> d-------- C:\Program Files\Windows Media Components
    2008-09-28 19:48 . 2008-09-28 19:48 268 --ah----- C:\sqmdata00.sqm
    2008-09-28 19:48 . 2008-09-28 19:48 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-25 21:48 . 1996-08-23 20:11 384,512 --a------ C:\WINDOWS.0\system32\MFCO40.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 358,400 --a------ C:\WINDOWS.0\system32\MFC30.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 151,040 --a------ C:\WINDOWS.0\system32\MFCO30.DLL
    2008-09-25 21:48 . 1999-07-14 17:34 36,864 --a------ C:\WINDOWS.0\Photo Express 3.scr
    2008-09-25 21:48 . 2008-09-25 21:56 569 --a------ C:\WINDOWS.0\ULEAD32.INI
    2008-09-25 21:47 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS.0\IsUn040c.exe
    2008-09-22 21:08 . 2008-09-22 21:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-09-22 20:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS.0\system32\framedyn.dll
    2008-09-22 20:58 . 2008-09-22 20:58 <REP> d-------- C:\WINDOWS.0\system32\Samsung_USB_Drivers
    2008-09-22 20:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS.0\system32\drivers\ssm_mdm.sys
    2008-09-22 20:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS.0\system32\drivers\ssm_bus.sys
    2008-09-22 20:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS.0\system32\drivers\ssm_mdfl.sys
    2008-09-22 20:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS.0\system32\drivers\ssm_cmnt.sys
    2008-09-22 20:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS.0\system32\drivers\ssm_cm.sys
    2008-09-22 20:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS.0\system32\drivers\ssm_whnt.sys
    2008-09-22 20:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS.0\system32\drivers\ssm_wh.sys
    2008-09-22 20:57 . 2008-09-22 20:57 <REP> d-------- C:\Program Files\Samsung
    2008-09-22 20:57 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS.0\system32\drivers\StarOpen.sys
    2008-09-22 20:57 . 2005-08-28 20:51 766 --a------ C:\WINDOWS.0\system32\Uninstall.ico
    2008-09-21 20:45 . 2008-09-21 20:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
    2008-09-21 20:01 . 2008-04-14 04:33 159,232 --a------ C:\WINDOWS.0\system32\ptpusd.dll
    2008-09-21 20:01 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS.0\system32\drivers\usbscan.sys
    2008-09-21 20:01 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS.0\system32\dllcache\usbscan.sys
    2008-09-21 20:01 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS.0\system32\ptpusb.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-21 05:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-20 20:27 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
    2008-10-15 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 11:22 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-10-05 08:51 --------- d-----w C:\Program Files\LimeWire
    2008-10-03 16:22 6,068,224 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
    2008-09-30 20:35 --------- d-----w C:\Program Files\Windows Live
    2008-09-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-25 19:47 --------- d-----w C:\Program Files\Ulead Systems
    2008-09-22 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-20 11:26 47,751 ----a-w C:\WINDOWS.0\BricoPackUninst.cmd
    2008-09-20 11:26 2,231 ----a-w C:\WINDOWS.0\BricoPackFoldersDelete.cmd
    2008-09-20 06:56 219,648 ----a-w C:\WINDOWS.0\system32\uxtheme.dll
    2008-09-19 20:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-09-18 01:15 --------- d-----w C:\Program Files\MSXML 6.0
    2008-09-17 06:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-17 06:02 --------- d-----w C:\Program Files\Bonjour
    2008-09-17 06:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 06:01 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-09-17 06:01 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-09-17 06:00 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-17 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-16 18:22 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-09-16 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-16 05:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Jasc
    2008-09-16 05:46 --------- d-----w C:\Program Files\Jasc Software Inc
    2008-09-15 19:26 --------- d-----w C:\Program Files\PhotoFiltre
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-09-15 06:21 --------- d-----w C:\Program Files\Unlocker
    2008-09-14 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-14 17:03 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-14 11:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-14 10:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-14 03:14 --------- d-----w C:\Program Files\Azureus
    2008-09-14 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-09-13 19:51 --------- d-----w C:\Program Files\McAfee
    2008-09-13 19:51 --------- d-----w C:\Program Files\Fichiers communs\Network Associates
    2008-09-13 19:37 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-13 19:36 --------- d-----w C:\Program Files\Microsoft.NET
    2008-09-13 19:31 --------- d-----w C:\Program Files\My Company Name
    2008-09-13 19:31 --------- d-----w C:\Program Files\Media Player Classic
    2008-09-13 19:31 --------- d-----w C:\Program Files\FlashFXP
    2008-09-13 19:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FlashFXP
    2008-09-13 19:30 --------- d-----w C:\Program Files\Real Alternative
    2008-09-13 19:30 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-09-13 19:28 --------- d-----w C:\Program Files\CyberLink
    2008-09-13 19:26 --------- d-----w C:\Program Files\Java
    2008-09-13 19:26 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-09-13 19:22 --------- d-----w C:\Program Files\Lavasoft
    2008-09-13 19:22 --------- d-----w C:\Program Files\HashTab Shell Extension
    2008-09-13 19:22 --------- d-----w C:\Program Files\Alwil Software
    2008-09-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-13 19:21 395,744 ----a-w C:\WINDOWS.0\system32\drivers\timntr.sys
    2008-09-13 19:21 39,264 ----a-w C:\WINDOWS.0\system32\drivers\tifsfilt.sys
    2008-09-13 19:21 114,048 ----a-w C:\WINDOWS.0\system32\drivers\snapman.sys
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Acronis
    2008-09-13 19:21 --------- d-----w C:\Program Files\Acronis
    2008-09-13 19:18 --------- d-----w C:\Program Files\Nero
    2008-09-13 19:18 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-09-13 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-13 19:11 685,816 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
    2008-09-13 19:11 --------- d-----w C:\Program Files\MSXML 4.0
    2008-09-13 19:08 --------- d-----w C:\Program Files\Services en ligne
    2008-09-13 19:05 --------- d-----w C:\Program Files\Desktop
    2008-09-13 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS.0\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS.0\system32\dnssd.dll
    2008-08-25 08:43 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
    2008-08-25 08:43 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS.0\system32\dllcache\afd.sys
    2008-06-23 08:23 625,664 --sha-w C:\WINDOWS.0\BricoPacks\SysFiles\68_iexplore.exe
    .

    ------- Sigcheck -------

    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\$NtServicePackUninstall$\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\icon_TMP\explorer.exe
    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\ServicePackFiles\i386\explorer.exe
    2004-08-04 06:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS.0\system_backup\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E727A138-B390-438A-94C3-40B5CDCF1791}]
    2008-10-21 07:23 344064 --a------ C:\WINDOWS.0\aetlsrknamo.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{86135D5C-E0AB-4D8B-9205-9A3C7E5765D7}"= "C:\WINDOWS.0\bkqxdons.dll" [2008-10-21 217088]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
    "McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2002-02-11 102468]
    "EPSON Stylus DX5000 Series"="C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-10-22 7700480]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "Alogserv"="C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" [2002-02-13 36898]
    "IMJPMIG8.1"="C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS.0\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS.0\system32\advpack.dll]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Stardock ObjectDock.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
    Y'z ToolBar.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)
    "NoDispCPL"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)
    "NoToolbarCustomize"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "NoStartMenuMorePrograms"= 1 (0x1)
    "NoSetFolders"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "qnflkotm"= {6C82A726-77D6-4CAC-89EF-B55A569DB019} - C:\WINDOWS.0\qnflkotm.dll [2008-10-21 303104]
    "vwnskbot"= {C7E5036A-AC16-4408-BE78-EC5094498A51} - C:\WINDOWS.0\vwnskbot.dll [2008-10-21 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tduucy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
    R2 AvSynMgr;AVSync Manager ;C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2002-02-13 172066]
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.0\system32\pctspk.exe [2001-08-23 86016]
    R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.0\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-20 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{3d515fca-e69c-458d-9271-bf1769842618} - C:\WINDOWS.0\system32\tduucy.dll
    BHO-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS.0\system32\jkklLfCR.dll
    BHO-{6ECB8E85-7A9E-4175-8113-1136D1A325DB} - C:\WINDOWS.0\system32\SYSBAS~1.DLL
    BHO-{E13BEC04-CC12-4962-B55F-827DF7925AFE} - C:\WINDOWS.0\system32\opnomnoO.dll
    HKLM-Run-a41e1116 - C:\WINDOWS.0\system32\pvfdxygv.dll
    ShellExecuteHooks-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS.0\system32\jkklLfCR.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-21 21:46:14
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS.0\explorer.exe
    -> C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-21 21:57:35 - La machine a redémarré [Administrateur]
    ComboFix-quarantined-files.txt 2008-10-21 19:57:21

    Avant-CF: 39,500,357,632 octets libres
    Après-CF: 39,594,405,888 octets libres

    344 --- E O F --- 2008-10-15 20:49:39
    22 October 2008 14:14:28

    I have the impression that I'm getting fewer messages telling me I have viruses, but I still have my "virus alert" on the taskbar, sniff...
    So what nasties have I caught? =S
    22 October 2008 17:34:09

    There are still quite a few infections.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are then two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    22 October 2008 17:58:08

    Moderation:

  • @louloute2207: Don't listen to idris821's nonsense; Angeldark will take care of you

  • idris821's messages have been deleted
    22 October 2008 19:41:12

    Ah, OK... I installed avast anyway; which is better, avast or McAfee?

    So when I ran the avast scan, 3 viruses were detected:
    - windows / system32 / taskkills.exe : trojan-gen
    - windows.0 / system32 : taskkills.exe : trojan-gen
    - windows.0 /tdssrhym.dll : win 32 bravix.

    I'm installing Malwarebytes' and will come back to post the report as soon as I have it.

    Thanks
    22 October 2008 20:42:01

    McAfee is better.
    22 October 2008 21:03:34

    OK.

    Here is the report:

    Malwarebytes' Anti-Malware 1.29
    Version de la base de données: 1306
    Windows 5.1.2600 Service Pack 3

    22/10/2008 20:56:35
    mbam-log-2008-10-22 (20-56-35).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 86474
    Temps écoulé: 1 hour(s), 9 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 15
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 34

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\dkampio (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\kaspaz.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1ce6f264-7803-48bf-9b53-86fc75bebb49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{95c6f0d7-507c-41e3-9e07-a78e15433e2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0ba90515-15e4-47fb-ae55-68a0d402e7c3} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6924636b-04a2-42a8-8a95-082c18641e9b} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6c82a726-77d6-4cac-89ef-b55a569db019} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4abe67b6-ccd8-40be-bc1f-fb107caa7d36} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9cca4160-a46e-4460-843e-adf63ddd96ec} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c7e5036a-ac16-4408-be78-ec5094498a51} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{b109b220-8abb-4b7c-ac75-01f6be23e64a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{22b6c734-baa5-4e90-aac5-d4a84100757b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{86135d5c-e0ab-4d8b-9205-9a3c7e5765d7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{13cc65c6-35df-4508-8096-d6d6dfd93df8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a7bf34c7-771c-4aa9-9d00-430a8163ac79} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e2a19dbd-52ff-4b4c-807b-e24468d8459d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e727a138-b390-438a-94c3-40b5cdcf1791} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e727a138-b390-438a-94c3-40b5cdcf1791} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bkqxdons.bklb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bkqxdons.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qnflkotm (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vwnskbot (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{86135d5c-e0ab-4d8b-9205-9a3c7e5765d7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-7229107-23143) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\WINDOWS.0\erxt.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\hlkhymlb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\jkklLfCR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\opnomnoO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\pvfdxygv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\sysbase32.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\tduucy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS.0\system32\urqRKCrS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006705.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006707.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006708.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006709.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\qnflkotm.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Application Data\TmpRecentIcons\Total Secure 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Bureau\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Bureau\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Bureau\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\vwnskbot.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\woprdagt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\bkqxdons.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\aetlsrknamo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSbrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.0\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


    I note that I no longer have the "virus alert" on my taskbar, and that I can access my Start menu again... Problem solved?
    23 October 2008 10:52:44

    Delete your copy of ComboFix. Download it again, then run another scan.
    23 October 2008 20:16:27

    Here is the ComboFix report

    ComboFix 08-10-23.01 - Administrateur 2008-10-23 19:52:31.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.506 [GMT 2:00]
    Lancé depuis: G:\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 22:10 . 2008-10-22 22:10 7,168 --ahs---- C:\WINDOWS.0\Thumbs.db
    2008-10-22 19:41 . 2008-10-22 19:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-22 19:41 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
    2008-10-22 19:40 . 2008-10-22 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-22 19:40 . 2008-10-22 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-22 19:40 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
    2008-10-21 19:46 . 2008-10-21 19:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 07:54 . 2008-10-21 07:54 164 --a------ C:\WINDOWS.0\system32\TDSSosvd.dat
    2008-10-21 07:51 . 2008-10-21 07:52 <REP> d-------- C:\Extracted
    2008-10-20 20:13 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS.0\system32\E_FLBBVE.DLL
    2008-10-20 20:13 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS.0\system32\E_FD4BBVE.DLL
    2008-10-20 20:13 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS.0\system32\E_DCINST.DLL
    2008-10-20 19:59 . 2008-10-20 19:59 <REP> d-------- C:\Program Files\EPSON
    2008-10-20 19:59 . 2008-10-20 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-10-19 19:48 . 2008-10-19 19:49 <REP> d-------- C:\WINDOWS.0\system32\NtmsData
    2008-10-15 11:36 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
    2008-10-15 11:35 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
    2008-10-15 11:35 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS.0\system32\dllcache\win32k.sys
    2008-10-11 20:19 . 2008-10-11 20:19 <REP> d-------- C:\WINDOWS.0\Sun
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Picasa2
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Google
    2008-10-11 20:13 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS.0\system32\drivers\cdralw2k.sys
    2008-10-11 20:13 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS.0\system32\drivers\cdr4_xp.sys
    2008-10-10 20:30 . 2008-10-10 20:31 <REP> d-------- C:\PPREMIER
    2008-10-10 20:30 . 1994-08-28 14:33 398,416 --------- C:\WINDOWS.0\VBRUN300.DLL
    2008-10-10 20:30 . 1993-11-19 00:00 54,272 --------- C:\WINDOWS.0\MCIWNDX.VBX
    2008-10-10 20:30 . 1994-07-15 01:10 8,854 --------- C:\WINDOWS.0\VBASM.DLL
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\drivers\usbprint.sys
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\dllcache\usbprint.sys
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Program Files\iTunes
    2008-10-04 18:05 . 2008-10-04 18:05 <REP> d-------- C:\Program Files\iPod
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\drivers\usbccgp.sys
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\dllcache\usbccgp.sys
    2008-09-29 22:13 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-29 21:48 . 2008-09-29 21:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 21:47 . 2008-09-29 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-28 22:25 . 2008-09-28 22:25 <REP> d-------- C:\WINDOWS.0\system32\windows media
    2008-09-28 22:24 . 2008-09-28 22:25 <REP> d--h----- C:\WINDOWS.0\msdownld.tmp
    2008-09-28 22:24 . 2008-09-28 22:24 <REP> d-------- C:\Program Files\Windows Media Components
    2008-09-28 19:48 . 2008-09-28 19:48 268 --ah----- C:\sqmdata00.sqm
    2008-09-28 19:48 . 2008-09-28 19:48 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-25 21:48 . 1996-08-23 20:11 384,512 --a------ C:\WINDOWS.0\system32\MFCO40.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 358,400 --a------ C:\WINDOWS.0\system32\MFC30.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 151,040 --a------ C:\WINDOWS.0\system32\MFCO30.DLL
    2008-09-25 21:48 . 1999-07-14 17:34 36,864 --a------ C:\WINDOWS.0\Photo Express 3.scr
    2008-09-25 21:48 . 2008-09-25 21:56 569 --a------ C:\WINDOWS.0\ULEAD32.INI
    2008-09-25 21:47 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS.0\IsUn040c.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 17:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
    2008-10-22 20:10 --------- d-----w C:\Program Files\Real Alternative
    2008-10-22 20:10 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-10-22 20:10 --------- d-----w C:\Program Files\Media Player Classic
    2008-10-22 20:10 --------- d-----w C:\Program Files\LimeWire
    2008-10-22 20:10 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-10-21 05:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-15 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 11:22 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-10-03 16:22 6,068,224 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
    2008-09-30 20:35 --------- d-----w C:\Program Files\Windows Live
    2008-09-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-25 19:47 --------- d-----w C:\Program Files\Ulead Systems
    2008-09-22 19:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-09-22 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 18:57 --------- d-----w C:\Program Files\Samsung
    2008-09-21 18:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
    2008-09-20 11:26 47,751 ----a-w C:\WINDOWS.0\BricoPackUninst.cmd
    2008-09-20 11:26 2,231 ----a-w C:\WINDOWS.0\BricoPackFoldersDelete.cmd
    2008-09-20 06:56 219,648 ----a-w C:\WINDOWS.0\system32\uxtheme.dll
    2008-09-19 20:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-09-18 01:15 --------- d-----w C:\Program Files\MSXML 6.0
    2008-09-17 06:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-17 06:02 --------- d-----w C:\Program Files\Bonjour
    2008-09-17 06:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 06:01 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-09-17 06:00 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-17 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-16 18:22 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-09-16 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-16 05:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Jasc
    2008-09-16 05:46 --------- d-----w C:\Program Files\Jasc Software Inc
    2008-09-15 19:26 --------- d-----w C:\Program Files\PhotoFiltre
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-09-15 06:21 --------- d-----w C:\Program Files\Unlocker
    2008-09-14 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-14 17:03 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-14 11:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-14 10:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-14 03:14 --------- d-----w C:\Program Files\Azureus
    2008-09-14 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-09-13 19:51 --------- d-----w C:\Program Files\McAfee
    2008-09-13 19:51 --------- d-----w C:\Program Files\Fichiers communs\Network Associates
    2008-09-13 19:37 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-13 19:36 --------- d-----w C:\Program Files\Microsoft.NET
    2008-09-13 19:31 --------- d-----w C:\Program Files\My Company Name
    2008-09-13 19:31 --------- d-----w C:\Program Files\FlashFXP
    2008-09-13 19:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FlashFXP
    2008-09-13 19:28 --------- d-----w C:\Program Files\CyberLink
    2008-09-13 19:26 --------- d-----w C:\Program Files\Java
    2008-09-13 19:26 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-09-13 19:22 --------- d-----w C:\Program Files\Lavasoft
    2008-09-13 19:22 --------- d-----w C:\Program Files\HashTab Shell Extension
    2008-09-13 19:22 --------- d-----w C:\Program Files\Alwil Software
    2008-09-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-13 19:21 395,744 ----a-w C:\WINDOWS.0\system32\drivers\timntr.sys
    2008-09-13 19:21 39,264 ----a-w C:\WINDOWS.0\system32\drivers\tifsfilt.sys
    2008-09-13 19:21 114,048 ----a-w C:\WINDOWS.0\system32\drivers\snapman.sys
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Acronis
    2008-09-13 19:21 --------- d-----w C:\Program Files\Acronis
    2008-09-13 19:18 --------- d-----w C:\Program Files\Nero
    2008-09-13 19:18 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-09-13 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-13 19:11 685,816 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
    2008-09-13 19:11 --------- d-----w C:\Program Files\MSXML 4.0
    2008-09-13 19:08 --------- d-----w C:\Program Files\Services en ligne
    2008-09-13 19:05 --------- d-----w C:\Program Files\Desktop
    2008-09-13 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
    2008-09-05 21:30 952,360 ------w C:\WINDOWS.0\system32\dllcache\WgaTray.exe
    2008-09-05 21:30 267,304 ------w C:\WINDOWS.0\system32\dllcache\wgaLogon.dll
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS.0\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS.0\system32\dnssd.dll
    2008-08-25 08:43 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
    2008-08-25 08:43 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS.0\system32\dllcache\afd.sys
    2008-06-23 08:23 625,664 --sha-w C:\WINDOWS.0\BricoPacks\SysFiles\68_iexplore.exe
    .

    ------- Sigcheck -------

    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\$NtServicePackUninstall$\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\icon_TMP\explorer.exe
    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\ServicePackFiles\i386\explorer.exe
    2004-08-04 06:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS.0\system_backup\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-21_21.56.49.73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
    + 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
    + 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
    + 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS.0\system32\drivers\aswFsBlk.sys
    + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
    + 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
    + 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
    + 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS.0\system32\drivers\aswSP.sys
    + 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
    - 2007-06-17 20:28:47 1,488,688 ----a-w C:\WINDOWS.0\system32\legitcheckcontrol.dll
    + 2008-09-05 21:30:06 1,480,232 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.dll
    + 2008-09-05 21:30:46 267,304 ------w C:\WINDOWS.0\system32\WgaLogon.dll
    + 2008-09-05 21:30:04 952,360 ------w C:\WINDOWS.0\system32\WgaTray.exe
    + 2008-10-23 17:58:54 16,384 ----atw C:\WINDOWS.0\temp\Perflib_Perfdata_5d4.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
    "McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2002-02-11 102468]
    "EPSON Stylus DX5000 Series"="C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-10-22 7700480]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "Alogserv"="C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" [2002-02-13 36898]
    "IMJPMIG8.1"="C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS.0\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS.0\system32\advpack.dll]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Stardock ObjectDock.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
    Y'z ToolBar.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tduucy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 AvSynMgr;AVSync Manager ;C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2002-02-13 172066]
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.0\system32\pctspk.exe [2001-08-23 86016]
    R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.0\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-20 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SafeBoot-TDSSmqlt.sys


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 20:00:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS.0\explorer.exe
    -> C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS.0\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-23 20:12:38 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-23 18:12:25

    Avant-CF: 38 618 136 576 octets libres
    Après-CF: 38,648,459,264 octets libres

    301 --- E O F --- 2008-10-23 05:47:10


    Verdict?
    23 October 2008 20:20:02

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS.0\system32\TDSSosvd.dat


    Open Notepad and paste (Ctrl+V) the text you copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    * the partition name may differ
    23 October 2008 21:28:28

    Here is the report:

    ComboFix 08-10-23.01 - Administrateur 2008-10-23 21:06:25.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.495 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS.0\system32\TDSSosvd.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS.0\system32\TDSSosvd.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-22 22:10 . 2008-10-22 22:10 7,168 --ahs---- C:\WINDOWS.0\Thumbs.db
    2008-10-22 19:41 . 2008-10-22 19:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-10-22 19:41 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
    2008-10-22 19:40 . 2008-10-22 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-22 19:40 . 2008-10-22 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-22 19:40 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
    2008-10-21 19:46 . 2008-10-21 19:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 07:51 . 2008-10-21 07:52 <REP> d-------- C:\Extracted
    2008-10-20 20:13 . 2006-08-10 02:02 75,264 --a------ C:\WINDOWS.0\system32\E_FLBBVE.DLL
    2008-10-20 20:13 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS.0\system32\E_FD4BBVE.DLL
    2008-10-20 20:13 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS.0\system32\E_DCINST.DLL
    2008-10-20 19:59 . 2008-10-20 19:59 <REP> d-------- C:\Program Files\EPSON
    2008-10-20 19:59 . 2008-10-20 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-10-19 19:48 . 2008-10-19 19:49 <REP> d-------- C:\WINDOWS.0\system32\NtmsData
    2008-10-15 11:36 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS.0\system32\dllcache\srv.sys
    2008-10-15 11:35 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS.0\system32\dllcache\ntoskrnl.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlmp.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS.0\system32\dllcache\ntkrnlpa.exe
    2008-10-15 11:35 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS.0\system32\dllcache\ntkrpamp.exe
    2008-10-15 11:35 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS.0\system32\dllcache\win32k.sys
    2008-10-11 20:19 . 2008-10-11 20:19 <REP> d-------- C:\WINDOWS.0\Sun
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Picasa2
    2008-10-11 20:13 . 2008-10-11 20:13 <REP> d-------- C:\Program Files\Google
    2008-10-11 20:13 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS.0\system32\drivers\cdralw2k.sys
    2008-10-11 20:13 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS.0\system32\drivers\cdr4_xp.sys
    2008-10-10 20:30 . 2008-10-10 20:31 <REP> d-------- C:\PPREMIER
    2008-10-10 20:30 . 1994-08-28 14:33 398,416 --------- C:\WINDOWS.0\VBRUN300.DLL
    2008-10-10 20:30 . 1993-11-19 00:00 54,272 --------- C:\WINDOWS.0\MCIWNDX.VBX
    2008-10-10 20:30 . 1994-07-15 01:10 8,854 --------- C:\WINDOWS.0\VBASM.DLL
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\drivers\usbprint.sys
    2008-10-05 19:41 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS.0\system32\dllcache\usbprint.sys
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Program Files\iTunes
    2008-10-04 18:05 . 2008-10-04 18:05 <REP> d-------- C:\Program Files\iPod
    2008-10-04 18:05 . 2008-10-04 18:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\drivers\usbccgp.sys
    2008-10-02 21:30 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS.0\system32\dllcache\usbccgp.sys
    2008-09-29 22:13 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS.0\system32\d3dx9_32.dll
    2008-09-29 22:10 . 2008-09-29 22:10 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-09-29 21:48 . 2008-09-29 21:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 21:47 . 2008-09-29 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-28 22:25 . 2008-09-28 22:25 <REP> d-------- C:\WINDOWS.0\system32\windows media
    2008-09-28 22:24 . 2008-09-28 22:25 <REP> d--h----- C:\WINDOWS.0\msdownld.tmp
    2008-09-28 22:24 . 2008-09-28 22:24 <REP> d-------- C:\Program Files\Windows Media Components
    2008-09-28 19:48 . 2008-09-28 19:48 268 --ah----- C:\sqmdata00.sqm
    2008-09-28 19:48 . 2008-09-28 19:48 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-25 21:48 . 1996-08-23 20:11 384,512 --a------ C:\WINDOWS.0\system32\MFCO40.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 358,400 --a------ C:\WINDOWS.0\system32\MFC30.DLL
    2008-09-25 21:48 . 1995-05-22 06:37 151,040 --a------ C:\WINDOWS.0\system32\MFCO30.DLL
    2008-09-25 21:48 . 1999-07-14 17:34 36,864 --a------ C:\WINDOWS.0\Photo Express 3.scr
    2008-09-25 21:48 . 2008-09-25 21:56 569 --a------ C:\WINDOWS.0\ULEAD32.INI
    2008-09-25 21:47 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS.0\IsUn040c.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 17:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
    2008-10-22 20:10 --------- d-----w C:\Program Files\Real Alternative
    2008-10-22 20:10 --------- d-----w C:\Program Files\QuickTime Alternative
    2008-10-22 20:10 --------- d-----w C:\Program Files\Media Player Classic
    2008-10-22 20:10 --------- d-----w C:\Program Files\LimeWire
    2008-10-22 20:10 --------- d-----w C:\Program Files\Combined Community Codec Pack
    2008-10-21 05:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-10-15 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-12 11:22 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-10-03 16:22 6,068,224 ------w C:\WINDOWS.0\system32\dllcache\ieframe.dll
    2008-09-30 20:35 --------- d-----w C:\Program Files\Windows Live
    2008-09-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-25 19:47 --------- d-----w C:\Program Files\Ulead Systems
    2008-09-22 19:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-09-22 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 18:57 --------- d-----w C:\Program Files\Samsung
    2008-09-21 18:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
    2008-09-20 11:26 47,751 ----a-w C:\WINDOWS.0\BricoPackUninst.cmd
    2008-09-20 11:26 2,231 ----a-w C:\WINDOWS.0\BricoPackFoldersDelete.cmd
    2008-09-20 06:56 219,648 ----a-w C:\WINDOWS.0\system32\uxtheme.dll
    2008-09-19 20:44 --------- d-----w C:\Program Files\microsoft frontpage
    2008-09-18 01:15 --------- d-----w C:\Program Files\MSXML 6.0
    2008-09-17 06:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-09-17 06:02 --------- d-----w C:\Program Files\Bonjour
    2008-09-17 06:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 06:01 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-09-17 06:00 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-17 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-16 18:22 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-09-16 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-09-16 05:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Jasc
    2008-09-16 05:46 --------- d-----w C:\Program Files\Jasc Software Inc
    2008-09-15 19:26 --------- d-----w C:\Program Files\PhotoFiltre
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-09-15 06:21 --------- d-----w C:\Program Files\Unlocker
    2008-09-14 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-14 17:03 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-14 11:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-09-14 10:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-14 03:14 --------- d-----w C:\Program Files\Azureus
    2008-09-14 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-09-13 19:51 --------- d-----w C:\Program Files\McAfee
    2008-09-13 19:51 --------- d-----w C:\Program Files\Fichiers communs\Network Associates
    2008-09-13 19:37 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-13 19:36 --------- d-----w C:\Program Files\Microsoft.NET
    2008-09-13 19:31 --------- d-----w C:\Program Files\My Company Name
    2008-09-13 19:31 --------- d-----w C:\Program Files\FlashFXP
    2008-09-13 19:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FlashFXP
    2008-09-13 19:28 --------- d-----w C:\Program Files\CyberLink
    2008-09-13 19:26 --------- d-----w C:\Program Files\Java
    2008-09-13 19:26 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-09-13 19:22 --------- d-----w C:\Program Files\Lavasoft
    2008-09-13 19:22 --------- d-----w C:\Program Files\HashTab Shell Extension
    2008-09-13 19:22 --------- d-----w C:\Program Files\Alwil Software
    2008-09-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-13 19:21 395,744 ----a-w C:\WINDOWS.0\system32\drivers\timntr.sys
    2008-09-13 19:21 39,264 ----a-w C:\WINDOWS.0\system32\drivers\tifsfilt.sys
    2008-09-13 19:21 114,048 ----a-w C:\WINDOWS.0\system32\drivers\snapman.sys
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-13 19:21 --------- d-----w C:\Program Files\Fichiers communs\Acronis
    2008-09-13 19:21 --------- d-----w C:\Program Files\Acronis
    2008-09-13 19:18 --------- d-----w C:\Program Files\Nero
    2008-09-13 19:18 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-09-13 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-13 19:11 685,816 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
    2008-09-13 19:11 --------- d-----w C:\Program Files\MSXML 4.0
    2008-09-13 19:08 --------- d-----w C:\Program Files\Services en ligne
    2008-09-13 19:05 --------- d-----w C:\Program Files\Desktop
    2008-09-13 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS.0\system32\drivers\srv.sys
    2008-09-05 21:30 952,360 ------w C:\WINDOWS.0\system32\dllcache\WgaTray.exe
    2008-09-05 21:30 267,304 ------w C:\WINDOWS.0\system32\dllcache\wgaLogon.dll
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS.0\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS.0\system32\dnssd.dll
    2008-08-25 08:43 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
    2008-08-25 08:43 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS.0\system32\dllcache\ieakui.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS.0\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS.0\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS.0\system32\dllcache\afd.sys
    2008-06-23 08:23 625,664 --sha-w C:\WINDOWS.0\BricoPacks\SysFiles\68_iexplore.exe
    .

    ------- Sigcheck -------

    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\$NtServicePackUninstall$\explorer.exe
    2004-08-04 06:54 1227264 e28d16a8d63eca6246921fdf7cbde42a C:\WINDOWS.0\icon_TMP\explorer.exe
    2008-04-14 04:34 1886208 318626d9d5cc4ecd0ec3ba5f261cbf3d C:\WINDOWS.0\ServicePackFiles\i386\explorer.exe
    2004-08-04 06:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS.0\system_backup\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-21_21.56.49.73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS.0\system32\aswBoot.exe
    + 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS.0\system32\AvastSS.scr
    + 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS.0\system32\drivers\aavmker4.sys
    + 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS.0\system32\drivers\aswFsBlk.sys
    + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS.0\system32\drivers\aswmon.sys
    + 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS.0\system32\drivers\aswmon2.sys
    + 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS.0\system32\drivers\aswRdr.sys
    + 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS.0\system32\drivers\aswSP.sys
    + 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS.0\system32\drivers\aswTdi.sys
    - 2007-06-17 20:28:47 1,488,688 ----a-w C:\WINDOWS.0\system32\legitcheckcontrol.dll
    + 2008-09-05 21:30:06 1,480,232 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.dll
    + 2008-09-05 21:30:46 267,304 ------w C:\WINDOWS.0\system32\WgaLogon.dll
    + 2008-09-05 21:30:04 952,360 ------w C:\WINDOWS.0\system32\WgaTray.exe
    + 2008-10-23 19:11:28 16,384 ----atw C:\WINDOWS.0\temp\Perflib_Perfdata_5e8.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]
    "McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2002-02-11 102468]
    "EPSON Stylus DX5000 Series"="C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2006-10-22 7700480]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "Alogserv"="C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe" [2002-02-13 36898]
    "IMJPMIG8.1"="C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS.0\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS.0\system32\advpack.dll]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Stardock ObjectDock.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
    Y'z ToolBar.lnk - C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tduucy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 AvSynMgr;AVSync Manager ;C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2002-02-13 172066]
    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.0\system32\pctspk.exe [2001-08-23 86016]
    R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.0\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-20 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-23 21:12:46
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS.0\explorer.exe
    -> C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-23 21:26:14 - La machine a redémarré [Administrateur]
    ComboFix-quarantined-files.txt 2008-10-23 19:25:49
    ComboFix2.txt 2008-10-23 18:12:39

    Avant-CF: 38 641 815 552 octets libres
    Après-CF: 38,664,482,816 octets libres

    301 --- E O F --- 2008-10-23 05:47:10
    24 October 2008 17:40:07

    Post a new HijackThis report.
    24 October 2008 18:00:51

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:00:34, on 24/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\pctspk.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS.0\TEMP\E_SC3.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louloutedegralhas.spaces.live.com/PhotoUpload/Ms...
    O20 - AppInit_DLLs: tduucy.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS.0\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.0\system32\pctspk.exe

    --
    End of file - 9265 bytes
    25 October 2008 08:54:13

    Here is the report



    Avira AntiVir Personal
    Report file date: samedi 25 octobre 2008 01:35

    Scanning for 1707161 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: SWEET-90399121B

    Version information:
    BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 23:33:25
    ANTIVIR3.VDF : 7.0.7.89 186880 Bytes 24/10/2008 23:33:25
    Engineversion : 8.2.0.9
    AEVDF.DLL : 8.1.0.6 102772 Bytes 24/10/2008 23:33:36
    AESCRIPT.DLL : 8.1.1.9 319867 Bytes 24/10/2008 23:33:35
    AESCN.DLL : 8.1.1.3 123252 Bytes 24/10/2008 23:33:34
    AERDL.DLL : 8.1.1.2 438644 Bytes 24/10/2008 23:33:34
    AEPACK.DLL : 8.1.2.4 369014 Bytes 24/10/2008 23:33:33
    AEOFFICE.DLL : 8.1.0.29 196988 Bytes 24/10/2008 23:33:31
    AEHEUR.DLL : 8.1.0.63 1479032 Bytes 24/10/2008 23:33:31
    AEHELP.DLL : 8.1.1.2 115062 Bytes 24/10/2008 23:33:29
    AEGEN.DLL : 8.1.0.42 319861 Bytes 24/10/2008 23:33:28
    AEEMU.DLL : 8.1.0.9 393588 Bytes 24/10/2008 23:33:27
    AECORE.DLL : 8.1.2.8 172406 Bytes 24/10/2008 23:33:27
    AEBB.DLL : 8.1.0.3 53618 Bytes 24/10/2008 23:33:26
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 24/10/2008 23:33:26
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 25 octobre 2008 01:35

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'wlmail.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Avconsol.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'VSStat.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'pctspk.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'Avsynmgr.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'schedul2.exe' - '1' Module(s) have been scanned
    Scan process 'YzToolBar.exe' - '1' Module(s) have been scanned
    Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
    Scan process 'RuLaunch.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'AlogServ.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
    Scan process 'schedhlp.exe' - '1' Module(s) have been scanned
    Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    43 processes with 43 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '68' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Extracted\MediaXCodec.exe
    [DETECTION] Is the TR/Agent.AFRN.2 Trojan
    [NOTE] The file was deleted!
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Application Data\Adobe\Player.exe.vir
    [DETECTION] Is the TR/Agent.AFRN.2 Trojan
    [NOTE] The file was moved to '4963be2f.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006706.exe
    [DETECTION] Is the TR/Agent.AFRN.2 Trojan
    [NOTE] The file was moved to '4932bdff.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006861.exe
    [DETECTION] Is the TR/Smalltroj.JKS Trojan
    [NOTE] The file was moved to '4932be07.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006862.exe
    [DETECTION] Is the TR/Smalltroj.JKS Trojan
    [NOTE] The file was moved to '4932be0b.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006863.dll
    [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
    [NOTE] The file was moved to '4932be0f.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006890.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [NOTE] The file was moved to '4932be17.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006891.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
    [NOTE] The file was moved to '4932be7d.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006892.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
    [NOTE] The file was moved to '4932be80.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006893.dll
    [DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
    [NOTE] The file was moved to '4932be84.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP34\A0006894.sys
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.aso back-door program
    [NOTE] The file was moved to '4932be87.qua'!
    C:\System Volume Information\_restore{8080F0EB-4704-4A9B-A082-D45A7B95BAC8}\RP40\A0009360.exe
    [DETECTION] Is the TR/Agent.AFRN.2 Trojan
    [NOTE] The file was moved to '4932bea0.qua'!
    C:\WINDOWS.0\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'


    End of the scan: samedi 25 octobre 2008 08:51
    Used time: 7:16:03 Hour(s)

    The scan has been done completely.

    4819 Scanning directories
    216850 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    11 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    216836 Files not concerned
    2293 Archives were scanned
    2 Warnings
    12 Notes

    Being completely in the dark, I put everything in quarantine ...
    25 October 2008 11:49:00

    That's right ;)
    Post a new HijackThis report.
    25 October 2008 12:15:29

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:06, on 25/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\pctspk.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS.0\TEMP\E_SC3.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louloutedegralhas.spaces.live.com/PhotoUpload/Ms...
    O20 - AppInit_DLLs: tduucy.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS.0\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.0\system32\pctspk.exe

    --
    End of file - 9079 bytes
    25 October 2008 12:20:16

    Hi again,

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O20 - AppInit_DLLs: tduucy.dll
    25 October 2008 12:30:30

    Done, should I post another report?
    25 October 2008 12:46:08

    Yep ;)
    25 October 2008 12:51:43

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:51:25, on 25/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\pctspk.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS.0\TEMP\E_SC3.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS.0\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://louloutedegralhas.spaces.live.com/PhotoUpload/Ms...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS.0\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.0\system32\pctspk.exe

    --
    End of file - 8235 bytes
    25 October 2008 12:52:57

    Still having problems?
    25 October 2008 12:55:57

    "virus alert" is gone, I can access my Start menu again and open all my programs. I think everything is fine ... ?

    A big thank you for this valuable help!
    25 October 2008 13:21:06

    Well, all the best going forward :)