[Solved] Virtumonde and Spybot

17 May 2008 09:18:02

Hello everyone,

So, I did something st...id and ended up with Virtumonde and Malwarecore, both of which were properly detected by Spybot.

I ran a cleanup, but when the PC boots, Spybot goes crazy.

So I ran HijackThis; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:19, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\rundll32.exe
C:\Program Files\ULI5289\ULi5289.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\windows\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\Eset\nod32kui.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\rundll32.exe
C:\windows\explorer.exe
C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/updates.aspx?RID=&APID...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CCA2B40-4543-4038-BF9A-C8A8ED19789E} - C:\windows\system32\hgGvursQ.dll (file missing)
O2 - BHO: (no name) - {4EA844E3-F761-4B05-9FD2-ED8CCFB25C83} - C:\windows\system32\geBrrQih.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\windows\system32\hgGaXOGa.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3cb391f8] rundll32.exe "C:\windows\system32\sqrktonf.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1079] command /c del "C:\WINDOWS\system32\geBrrQih.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4097] cmd /c del "C:\WINDOWS\system32\geBrrQih.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6660] command /c del "C:\WINDOWS\system32\hgGvursQ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7367] cmd /c del "C:\WINDOWS\system32\hgGvursQ.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: hgGaXOGa - C:\windows\SYSTEM32\hgGaXOGa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 24196 bytes


Thanks in advance for helping me finish cleaning my PC


17 May 2008 12:19:56

Hi,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui (Yes).
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.

17 May 2008 13:28:08

Thanks for helping me

Here is the ComboFix report

    ComboFix 08-05-15.3 - Fred 2008-05-17 13:09:11.2 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\windows\pskt.ini
    C:\windows\system32\cvshvven.ini
    C:\WINDOWS\system32\IhggOXyb.ini
    C:\WINDOWS\system32\IhggOXyb.ini2
    C:\windows\system32\nopVCcdd.ini
    C:\WINDOWS\system32\nopVCcdd.ini2
    C:\windows\system32\slmuseke.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 13:03 . 2008-05-17 13:03 134,144 --a------ C:\WINDOWS\system32\iwlwmrns.dll
    2008-05-17 13:00 . 2008-05-17 13:00 116,224 --a------ C:\WINDOWS\system32\ekesumls.dll
    2008-05-17 12:55 . 2008-05-17 12:55 125,952 --a------ C:\WINDOWS\system32\ipejfejr.dll
    2008-05-17 11:19 . 2008-05-17 11:19 134,144 --a------ C:\WINDOWS\system32\feubjauh.dll
    2008-05-17 11:07 . 2008-05-17 11:07 125,952 --a------ C:\WINDOWS\system32\nicaikoc.dll
    2008-05-17 10:12 . 2008-05-17 10:12 <REP> d-------- C:\VundoFix Backups
    2008-05-17 10:02 . 2008-05-17 10:02 116,736 --a------ C:\WINDOWS\system32\tttwadlm.dll
    2008-05-17 09:59 . 2008-05-17 09:59 135,680 --a------ C:\WINDOWS\system32\ehmclstl.dll
    2008-05-17 09:57 . 2008-05-17 09:57 125,952 --a------ C:\WINDOWS\system32\uksaprdn.dll
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-17 08:48 . 2008-05-17 08:48 135,680 --a------ C:\WINDOWS\system32\qlebnpgw.dll
    2008-05-17 08:45 . 2008-05-17 08:45 125,952 --a------ C:\WINDOWS\system32\pupheghq.dll
    2008-05-17 08:12 . 2008-05-17 08:12 115,712 --a------ C:\WINDOWS\system32\gfedkauk.dll
    2008-05-17 08:03 . 2008-05-17 08:03 133,632 --a------ C:\WINDOWS\system32\fupmbnxf.dll
    2008-05-17 08:00 . 2008-05-17 08:00 125,440 --a------ C:\WINDOWS\system32\edbkpmij.dll
    2008-05-17 08:00 . 2008-05-17 13:16 109,807 --a------ C:\WINDOWS\BM3f80a264.xml
    2008-05-16 19:58 . 2008-05-16 19:58 115,712 --a------ C:\WINDOWS\system32\kncqgdlf.dll
    2008-05-16 19:46 . 2008-05-16 19:46 93,696 --------- C:\WINDOWS\version.exe
    2008-05-16 19:46 . 2008-05-16 19:46 58,880 --a------ C:\WINDOWS\system32\hgGaXOGa.dll
    2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
    2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
    2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
    2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
    2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
    2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 87,608 ----a-w C:\Documents and Settings\Fred\Application Data\inst.exe
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-17 11:13:55 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
    2008-05-16 19:46 58880 --a------ C:\windows\system32\hgGaXOGa.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
    C:\windows\system32\ddcCVpon.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB7671"="command /c del C:\WINDOWS\system32\ddcCVpon.dll_old" [ ]
    "SpybotDeletingD1450"="cmd /c del C:\WINDOWS\system32\ddcCVpon.dll_old" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-05 19:09 185896]
    "3cb391f8"="C:\windows\system32\ekesumls.dll" [2008-05-17 13:00 116224]
    "BM3f80a264"="C:\windows\system32\ipejfejr.dll" [2008-05-17 12:55 125952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\windows\system32\hgGaXOGa.dll [2008-05-16 19:46 58880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
    hgGaXOGa.dll 2008-05-16 19:46 58880 C:\WINDOWS\system32\hgGaXOGa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-22 11:49]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 13:15:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\windows\system32\winlogon.exe
    -> C:\windows\system32\hgGaXOGa.dll

    PROCESS: C:\windows\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll

    PROCESS: C:\windows\explorer.exe
    -> C:\windows\system32\ekesumls.dll
    -> C:\windows\system32\ipejfejr.dll
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTXFISPI.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-17 13:22:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-17 11:22:10
    ComboFix2.txt 2008-05-17 09:09:52

    Pre-Run: 16,353,153,024 octets libres
    Post-Run: 16,338,010,112 octets libres

    302 --- E O F --- 2008-05-14 19:32:26

    Before doing that, I let Spybot do its work.

    It scans fine, detects Virtumonde and virtumonde.dll, destroys them, but the bastard comes back every time :cry: 

    Thanks for helping me eradicate it for good.
    17 May 2008 13:47:28

    Oops, I hadn't completely disabled Spybot and the antivirus:

    Here is the new report:

    ComboFix 08-05-15.3 - Fred 2008-05-17 13:38:14.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.611 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\windows\pskt.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 13:22 . 2008-05-17 13:22 294 ---hs---- C:\WINDOWS\system32\slmuseke.ini
    2008-05-17 13:03 . 2008-05-17 13:03 134,144 --a------ C:\WINDOWS\system32\iwlwmrns.dll
    2008-05-17 13:00 . 2008-05-17 13:00 116,224 --a------ C:\WINDOWS\system32\ekesumls.dll
    2008-05-17 12:55 . 2008-05-17 12:55 125,952 --a------ C:\WINDOWS\system32\ipejfejr.dll
    2008-05-17 11:19 . 2008-05-17 11:19 134,144 --a------ C:\WINDOWS\system32\feubjauh.dll
    2008-05-17 11:07 . 2008-05-17 11:07 125,952 --a------ C:\WINDOWS\system32\nicaikoc.dll
    2008-05-17 10:12 . 2008-05-17 10:12 <REP> d-------- C:\VundoFix Backups
    2008-05-17 10:02 . 2008-05-17 10:02 116,736 --a------ C:\WINDOWS\system32\tttwadlm.dll
    2008-05-17 09:59 . 2008-05-17 09:59 135,680 --a------ C:\WINDOWS\system32\ehmclstl.dll
    2008-05-17 09:57 . 2008-05-17 09:57 125,952 --a------ C:\WINDOWS\system32\uksaprdn.dll
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-17 08:48 . 2008-05-17 08:48 135,680 --a------ C:\WINDOWS\system32\qlebnpgw.dll
    2008-05-17 08:45 . 2008-05-17 08:45 125,952 --a------ C:\WINDOWS\system32\pupheghq.dll
    2008-05-17 08:12 . 2008-05-17 08:12 115,712 --a------ C:\WINDOWS\system32\gfedkauk.dll
    2008-05-17 08:03 . 2008-05-17 08:03 133,632 --a------ C:\WINDOWS\system32\fupmbnxf.dll
    2008-05-17 08:00 . 2008-05-17 08:00 125,440 --a------ C:\WINDOWS\system32\edbkpmij.dll
    2008-05-17 08:00 . 2008-05-17 13:28 109,825 --a------ C:\WINDOWS\BM3f80a264.xml
    2008-05-16 19:58 . 2008-05-16 19:58 115,712 --a------ C:\WINDOWS\system32\kncqgdlf.dll
    2008-05-16 19:46 . 2008-05-16 19:46 93,696 --------- C:\WINDOWS\version.exe
    2008-05-16 19:46 . 2008-05-16 19:46 58,880 --a------ C:\WINDOWS\system32\hgGaXOGa.dll
    2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
    2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
    2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
    2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
    2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
    2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 87,608 ----a-w C:\Documents and Settings\Fred\Application Data\inst.exe
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-17 11:35:11 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
    2008-05-16 19:46 58880 --a------ C:\windows\system32\hgGaXOGa.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
    C:\windows\system32\ddcCVpon.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-05 19:09 185896]
    "BM3f80a264"="C:\windows\system32\ipejfejr.dll" [2008-05-17 12:55 125952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\windows\system32\hgGaXOGa.dll [2008-05-16 19:46 58880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
    hgGaXOGa.dll 2008-05-16 19:46 58880 C:\WINDOWS\system32\hgGaXOGa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "3cb391f8"=rundll32.exe "C:\windows\system32\ekesumls.dll",b
    "BM3f80a264"=Rundll32.exe "C:\windows\system32\ipejfejr.dll",s
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-22 11:49]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 13:41:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\windows\system32\winlogon.exe
    -> C:\windows\system32\hgGaXOGa.dll

    PROCESS: C:\windows\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    Temps d'accomplissement: 2008-05-17 13:44:27
    ComboFix-quarantined-files.txt 2008-05-17 11:44:25
    ComboFix2.txt 2008-05-17 11:22:25
    ComboFix3.txt 2008-05-17 09:09:52

    Pre-Run: 16,347,693,056 octets libres
    Post-Run: 16,334,929,920 octets libres

    277 --- E O F --- 2008-05-14 19:32:26

    17 May 2008 14:14:11

    Hi again,

    Are you the one who created C:\Temp?

    *******

    Select the entire contents of the box below:

    Driver::
    Boonty Games

    File::
    C:\WINDOWS\system32\slmuseke.ini
    C:\WINDOWS\system32\iwlwmrns.dll
    C:\WINDOWS\system32\ekesumls.dll
    C:\WINDOWS\system32\feubjauh.dll
    C:\WINDOWS\system32\nicaikoc.dll
    C:\WINDOWS\system32\tttwadlm.dll
    C:\WINDOWS\system32\ehmclstl.dll
    C:\WINDOWS\system32\uksaprdn.dll
    C:\WINDOWS\system32\qlebnpgw.dll
    C:\WINDOWS\system32\pupheghq.dll
    C:\WINDOWS\system32\gfedkauk.dll
    C:\WINDOWS\system32\fupmbnxf.dll
    C:\WINDOWS\system32\edbkpmij.dll
    C:\WINDOWS\BM3f80a264.xml
    C:\WINDOWS\system32\kncqgdlf.dll
    C:\windows\system32\hgGaXOGa.dll
    C:\windows\system32\ekesumls.dll
    C:\windows\system32\ipejfejr.dll
    C:\windows\system32\ddcCVpon.dll
    C:\WINDOWS\version.exe

    Folder::
    C:\VundoFix Backups
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\BOONTY
    C:\Program Files\BOONTYGames

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "Adobe Reader Speed Launcher"=-
    "WinampAgent"=-
    "ISUSPM Startup"=-
    "TkBellExe"=-
    "BM3f80a264"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{522E0112-EDD9-413D-A99E-C311A54B6676}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "3cb391f8"=-
    "BM3f80a264"=-


    This will relaunch Combofix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch Combofix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
    17 May 2008 14:17:55

    Yes, I'm the one who created that c:/Temp

    Thanks, I'll run the procedure and get the report back to you
    17 May 2008 14:35:29

    Here is the Combofix report

    ComboFix 08-05-15.3 - Fred 2008-05-17 14:21:30.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.589 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BM3f80a264.xml
    C:\windows\system32\ddcCVpon.dll
    C:\WINDOWS\system32\edbkpmij.dll
    C:\WINDOWS\system32\ehmclstl.dll
    C:\windows\system32\ekesumls.dll
    C:\WINDOWS\system32\ekesumls.dll
    C:\WINDOWS\system32\feubjauh.dll
    C:\WINDOWS\system32\fupmbnxf.dll
    C:\WINDOWS\system32\gfedkauk.dll
    C:\windows\system32\hgGaXOGa.dll
    C:\windows\system32\ipejfejr.dll
    C:\WINDOWS\system32\iwlwmrns.dll
    C:\WINDOWS\system32\kncqgdlf.dll
    C:\WINDOWS\system32\nicaikoc.dll
    C:\WINDOWS\system32\pupheghq.dll
    C:\WINDOWS\system32\qlebnpgw.dll
    C:\WINDOWS\system32\slmuseke.ini
    C:\WINDOWS\system32\tttwadlm.dll
    C:\WINDOWS\system32\uksaprdn.dll
    C:\WINDOWS\version.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Fred\Application Data\inst.exe
    C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Program Files\BOONTYGames
    C:\Program Files\BOONTYGames\Components\bureau.url
    C:\Program Files\BOONTYGames\Components\Joystick.ico
    C:\Program Files\BOONTYGames\Components\start.url
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\VundoFix Backups
    C:\WINDOWS\BM3f80a264.xml
    C:\windows\pskt.ini
    C:\WINDOWS\system32\edbkpmij.dll
    C:\WINDOWS\system32\ehmclstl.dll
    C:\WINDOWS\system32\ekesumls.dll
    C:\windows\system32\ekudxkmk.ini
    C:\WINDOWS\system32\feubjauh.dll
    C:\WINDOWS\system32\fupmbnxf.dll
    C:\WINDOWS\system32\gfedkauk.dll
    C:\windows\system32\hgGaXOGa.dll
    C:\windows\system32\ipejfejr.dll
    C:\WINDOWS\system32\iwlwmrns.dll
    C:\WINDOWS\system32\kncqgdlf.dll
    C:\WINDOWS\system32\nicaikoc.dll
    C:\WINDOWS\system32\pupheghq.dll
    C:\WINDOWS\system32\qlebnpgw.dll
    C:\WINDOWS\system32\slmuseke.ini
    C:\windows\system32\t.txt
    C:\WINDOWS\system32\tttwadlm.dll
    C:\WINDOWS\system32\uksaprdn.dll
    C:\windows\system32\uvCKRXbc.ini
    C:\WINDOWS\system32\uvCKRXbc.ini2
    C:\WINDOWS\version.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 14:00 . 2008-05-17 14:00 134,144 --a------ C:\WINDOWS\system32\olxnshug.dll
    2008-05-17 13:57 . 2008-05-17 13:57 116,224 --a------ C:\WINDOWS\system32\kmkxduke.dll
    2008-05-17 13:52 . 2008-05-17 13:52 125,952 --a------ C:\WINDOWS\system32\hggqymhj.dll
    2008-05-17 13:51 . 2008-05-17 13:51 371,712 --a------ C:\WINDOWS\system32\cbXRKCvu.dll
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-11 13:51 . 2008-05-12 13:50 <REP> d-------- C:\Temp\Driving speed 2
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-05-05 19:07 . 2008-05-05 19:07 333,360 --a------ C:\Temp\RealPlayer11GOLD_fr.exe
    2008-04-30 20:23 . 2008-04-30 21:07 <REP> d-------- C:\Temp\Windows XP Corporate SP3
    2008-04-26 21:33 . 2008-04-26 21:33 305,664 --a------ C:\Temp\Xtremsplit.exe
    2008-04-26 13:35 . 2008-04-26 14:39 <REP> d-------- C:\Temp\F1 challenge
    2008-04-26 09:32 . 2008-04-26 10:14 <REP> d-------- C:\Temp\Carte FRANCE v6.75.1409 pour TOMTOM + keygen
    2008-04-21 20:34 . 2008-04-21 20:49 <REP> d-------- C:\Temp\Lexus Race
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
    2008-04-19 13:13 . 2008-04-19 14:24 <REP> d-------- C:\Temp\Trackmania Forever Addon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-17 12:27:00 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4CFBF2-89B6-4579-8C21-096C9902E8A4}]
    2008-05-17 13:51 371712 --a------ C:\windows\system32\cbXRKCvu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fecd6c14-d53f-4973-8dc5-77984c35d055}]
    2008-05-17 14:00 134144 --a------ C:\windows\system32\olxnshug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 14:27:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\windows\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\CTXFISPI.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-17 14:32:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-17 12:32:28
    ComboFix2.txt 2008-05-17 11:44:28
    ComboFix3.txt 2008-05-17 11:22:25
    ComboFix4.txt 2008-05-17 09:09:52

    Pre-Run: 17,556,213,760 octets libres
    Post-Run: 17,540,603,904 octets libres

    322 --- E O F --- 2008-05-14 19:32:26
    17 May 2008 14:53:46

    Hi again,

    I strongly advise you to empty that C:\temp folder!

    Select the entire contents of the box below:

    File::
    C:\windows\system32\cbXRKCvu.dll
    C:\windows\system32\olxnshug.dll
    C:\WINDOWS\system32\kmkxduke.dll
    C:\WINDOWS\system32\hggqymhj.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A4CFBF2-89B6-4579-8C21-096C9902E8A4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fecd6c14-d53f-4973-8dc5-77984c35d055}]


    This will relaunch Combofix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch Combofix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
    17 May 2008 15:32:31

    I deleted the Temp file (there wasn't much of importance in it)

    Here is the new report:

    ComboFix 08-05-15.3 - Fred 2008-05-17 15:17:02.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.585 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\windows\system32\cbXRKCvu.dll
    C:\WINDOWS\system32\hggqymhj.dll
    C:\WINDOWS\system32\kmkxduke.dll
    C:\windows\system32\olxnshug.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\windows\pskt.ini
    C:\windows\system32\cbXRKCvu.dll
    C:\WINDOWS\system32\hggqymhj.dll
    C:\WINDOWS\system32\kmkxduke.dll
    C:\windows\system32\olxnshug.dll
    C:\windows\system32\uvCKRXbc.ini
    C:\WINDOWS\system32\uvCKRXbc.ini2
    C:\windows\system32\xiiloqcr.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 15:02 . 2008-05-17 15:02 134,144 --a------ C:\WINDOWS\system32\uutpbtba.dll
    2008-05-17 15:02 . 2008-05-17 15:02 116,224 --a------ C:\WINDOWS\system32\rcqoliix.dll
    2008-05-17 14:57 . 2008-05-17 14:57 125,952 --a------ C:\WINDOWS\system32\bqwhffgn.dll
    2008-05-17 14:57 . 2008-05-17 15:25 109,807 --a------ C:\WINDOWS\BM3f80a264.xml
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 17:32 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-17 13:22:23 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 13:23:46 16,384 --sha-w C:\windows\TEMP\Cookies\index.dat
    + 2008-05-17 13:23:46 32,768 --sha-w C:\windows\TEMP\Fichiers Internet temporaires\Content.IE5\index.dat
    + 2008-05-17 13:23:46 16,384 --sha-w C:\windows\TEMP\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e57eff-1336-40b0-97c9-38b4371ca742}]
    2008-05-17 15:02 134144 --a------ C:\windows\system32\uutpbtba.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "3cb391f8"="C:\windows\system32\rcqoliix.dll" [2008-05-17 15:02 116224]
    "BM3f80a264"="C:\windows\system32\bqwhffgn.dll" [2008-05-17 14:57 125952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    R2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    R3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 15:23:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\windows\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\CTXFISPI.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-17 15:28:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-17 13:28:53
    ComboFix2.txt 2008-05-17 12:32:33
    ComboFix3.txt 2008-05-17 11:44:28
    ComboFix4.txt 2008-05-17 11:22:25
    ComboFix5.txt 2008-05-17 09:09:52

    Pre-Run: 29,043,687,424 octets libres
    Post-Run: 29,033,414,656 octets libres

    275 --- E O F --- 2008-05-14 19:32:26
    17 May 2008 17:24:26

    Up!!!!

    Is it clean now or not??
    17 May 2008 18:56:58

    I ran ComboFix again in safe mode and did a HijackThis pass in normal mode; here are the results:

    Combofix:

    ComboFix 08-05-15.3 - Fred 2008-05-17 18:41:29.6 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.796 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\windows\pskt.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 15:29 . 2008-05-17 18:21 414 ---hs---- C:\WINDOWS\system32\xiiloqcr.ini
    2008-05-17 15:02 . 2008-05-17 15:02 134,144 --a------ C:\WINDOWS\system32\uutpbtba.dll
    2008-05-17 15:02 . 2008-05-17 15:02 116,224 --a------ C:\WINDOWS\system32\rcqoliix.dll
    2008-05-17 14:57 . 2008-05-17 14:57 125,952 --a------ C:\WINDOWS\system32\bqwhffgn.dll
    2008-05-17 14:57 . 2008-05-17 17:20 109,836 --a------ C:\WINDOWS\BM3f80a264.xml
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-17 16:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-17 16:40:31 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-04-06 05:56:20 19,836,024 ----a-w C:\windows\system32\MRT.exe
    + 2008-05-09 21:35:04 16,863,864 ----a-w C:\windows\system32\MRT.exe
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e57eff-1336-40b0-97c9-38b4371ca742}]
    2008-05-17 15:02 134144 --a------ C:\windows\system32\uutpbtba.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "BM3f80a264"="C:\windows\system32\bqwhffgn.dll" [2008-05-17 14:57 125952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]
    S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 18:43:48
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-17 18:46:16
    ComboFix-quarantined-files.txt 2008-05-17 16:46:15
    ComboFix2.txt 2008-05-17 13:29:01
    ComboFix3.txt 2008-05-17 12:32:33
    ComboFix4.txt 2008-05-17 11:44:28
    ComboFix5.txt 2008-05-17 11:22:25

    Pre-Run: 33,674,719,232 octets libres
    Post-Run: 33,662,332,928 octets libres

    239 --- E O F --- 2008-05-17 13:59:10


    -----------------------------------------------------------------------------------------------
    And HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:56:07, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\ULI5289\ULi5289.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\windows\CTHELPER.EXE
    C:\windows\system32\CTXFIHLP.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\system32\Rundll32.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\windows\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\windows\system32\PnkBstrA.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/updates.aspx?RID=&APID...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {247ac173-4b83-9c79-0b04-6331ffe75e2d} - {d2e57eff-1336-40b0-97c9-38b4371ca742} - C:\windows\system32\uutpbtba.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BM3f80a264] Rundll32.exe "C:\windows\system32\bqwhffgn.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

    --
    End of file - 22286 bytes



    Is it OK or not????
    17 May 2008 20:19:02

    Hi again,

    The infection is regenerating itself :o  :o 

    1) Restart the PC; it must be in Safe Mode with Networking.
    When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > Tap the [F8] and [F5] keys alternately until the Windows Advanced Options menu is displayed.
    Select "Safe Mode with Networking" and press the [Enter] key.
    Choose your usual account, not Administrator. Illustrated here (it is the second option) > http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm

    2) Download Dr.Web CureIt to your Desktop:
    Go to this page to download the file CureIt.com > http://www.sendspace.com/file/9nnh7y
    To do so, click the link at the bottom of the page > Download Link: CureIt.com
  • Double-click the file drweb-cureit.com
    If the link does not work: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
    and then click to start the scan.
  • Click OK at the quick scan prompt. This scan checks the processes loaded in memory; if it finds infected processes, click the Yes to all button at the prompt.
    **Note: a window will open with options for "Order" or "50% off"; click the "X" to close the window
  • When the quick scan has finished, click the Options menu >> Change settings;
  • Choose the "Scanner" tab and uncheck "Heuristic analysis". Click "OK"
  • Back in the main window: click the "Complete scan" radio button.
  • Click the green arrow on the right, and the scan will start.
  • Click Yes to all at the "Cure?" prompt when a file is detected, and then click "Cure".
  • When the scan is complete, check whether you can click this icon, next to the detected files:
  • If so, click it, then click the "Next" icon below it, and choose Move the unwanted object to quarantine
  • From the tool's main menu, at the top left, click the File menu and choose Save report
  • Save the report to your Desktop. It will be named DrWeb.csv
  • Close Dr.Web CureIt
  • Restart your computer (*very important*), because some files may be moved/repaired at restart.
  • After the restart, post (copy/paste) the contents of the Dr.Web tool's report in your next reply.

    ***********

    STILL IN SAFE MODE

    Select the entire contents of the box below:

    File::
    C:\windows\system32\bqwhffgn.dll
    C:\windows\system32\uutpbtba.dll
    C:\WINDOWS\system32\xiiloqcr.ini
    C:\WINDOWS\system32\rcqoliix.dll
    C:\WINDOWS\BM3f80a264.xml

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e57eff-1336-40b0-97c9-38b4371ca742}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM3f80a264"=-


    This will relaunch ComboFix. After the restart, post the contents of the ComboFix.txt report.
    If there is no restart, post the report anyway.

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the restart, if there is one.
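
Added example (not part of the thread, and not HijackThis's or the helper's own method): a Python triage pass over HijackThis O2 and O4 lines showing why the two DLLs named in the CFScript above stand out in the posted log. The two heuristics, the `triage` function and the `Finding` tuple are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {247ac173-4b83-9c79-0b04-6331ffe75e2d} - {d2e57eff-1336-40b0-97c9-38b4371ca742} - C:\windows\system32\uutpbtba.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM3f80a264] Rundll32.exe "C:\windows\system32\bqwhffgn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
"""

# Hypothetical result record: log section, registry key/value name, file path, reason.
Finding = namedtuple("Finding", "section key path reason")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 - BHO: <display name> - {CLSID} - <dll path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# rundll32 followed by an optionally quoted DLL path
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Assumed heuristic: a file name made of exactly eight lowercase letters.
RANDOM_STEM_RE = re.compile(r"[a-z]{8}")


def in_system32(path):
    """True when the file sits directly in a ...\\system32 directory."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def stem(path):
    """File name without directory or extension."""
    return ntpath.splitext(ntpath.basename(path))[0]


def triage(log_text):
    """Return candidate entries for manual review; these are not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            # Heuristic 1 (assumption): a BHO in system32 whose display name
            # is itself a GUID, i.e. it has no product name at all.
            if re.fullmatch(GUID, m["name"]) and in_system32(m["path"]):
                findings.append(Finding("O2", m["clsid"], m["path"],
                                        "BHO shows a GUID instead of a product name"))
            continue

        m = O4_RE.match(line)
        if m:
            # Heuristic 2 (assumption): a Run value that starts rundll32 on a
            # system32 DLL whose name is eight lowercase letters.
            r = RUNDLL_RE.match(m["cmd"])
            if r and in_system32(r["dll"]) and RANDOM_STEM_RE.fullmatch(stem(r["dll"])):
                findings.append(Finding("O4", m["value"], r["dll"],
                                        "Run entry loads a random-looking DLL via rundll32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.key}  {f.path}  <- {f.reason}")
```

Both heuristics can also match legitimate software, so every hit still needs a manual check of the file before anything is removed.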
    17 May 2008 20:45:04

    Thank you so much for the time you are spending helping me.

    That's really kind.

    Just one question: after using CureIt, for the last restart before using ComboFix, should that last restart be in Safe Mode or in normal mode??

    Thanks
    17 May 2008 20:47:10

    Internet access is so blocked that I cannot view your link:

    http://www.sendspace.com/file/9nnh7y

    However, if it is an image, please give me the direct link, because downloading does still work
    17 May 2008 20:49:58

    Hi again,

    Restart normally.
    Then go back into Safe Mode for ComboFix :) 

    The first link is indeed invalid, use the second one ;) 
    18 May 2008 08:18:46

    Hello,

    Well, CureIt ran all night; here is the report:

    RegUBP2b-Fred.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
    VipNOCD.EXE;C:\Jeux\Lemmings Revolution;Tool.GameCrack;Irréparable.Quarantaine.;
    3LSEESCA.NQF;C:\Program Files\ESET\infected;Trojan.LowZones.882;Supprimé.;
    5QA35KAA.NQF;C:\Program Files\ESET\infected;Trojan.StartPage.21155;Supprimé.;
    AZ5T01AA.NQF;C:\Program Files\ESET\infected;Trojan.PWS.Egspy;Supprimé.;
    COVR0YCA.NQF;C:\Program Files\ESET\infected;BackDoor.Bulknet.108;Supprimé.;
    F1ONNKBA.NQF;C:\Program Files\ESET\infected;Trojan.Packed.149;Irréparable.Quarantaine.;
    W43QSCBA.NQF;C:\Program Files\ESET\infected;Trojan.Click.17167;Supprimé.;
    WVED3ADA.NQF;C:\Program Files\ESET\infected;BackDoor.Bifrost.79;Supprimé.;
    A0128310.EXE;C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP663;Program.PsExec.170;Irréparable.Quarantaine.;
    A0128422.reg;C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP664;Trojan.StartPage.1505;Supprimé.;


    and here is the ComboFix report

    ComboFix 08-05-15.3 - Fred 2008-05-18 7:49:01.7 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.784 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BM3f80a264.xml
    C:\windows\system32\bqwhffgn.dll
    C:\WINDOWS\system32\rcqoliix.dll
    C:\windows\system32\uutpbtba.dll
    C:\WINDOWS\system32\xiiloqcr.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM3f80a264.xml
    C:\windows\pskt.ini
    C:\windows\system32\bqwhffgn.dll
    C:\WINDOWS\system32\rcqoliix.dll
    C:\windows\system32\uutpbtba.dll
    C:\WINDOWS\system32\xiiloqcr.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-17 16:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-17_11.07.39.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-17 09:00:58 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-18 05:47:38 2,048 --s-a-w C:\windows\bootstat.dat
    - 2008-04-06 05:56:20 19,836,024 ----a-w C:\windows\system32\MRT.exe
    + 2008-05-09 21:35:04 16,863,864 ----a-w C:\windows\system32\MRT.exe
    - 2008-05-17 07:55:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    + 2008-05-17 09:53:55 78,228 ----a-w C:\windows\system32\perfc009.dat
    - 2008-05-17 07:55:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    + 2008-05-17 09:53:55 95,800 ----a-w C:\windows\system32\perfc00C.dat
    - 2008-05-17 07:55:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    + 2008-05-17 09:53:55 439,224 ----a-w C:\windows\system32\perfh009.dat
    - 2008-05-17 07:55:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    + 2008-05-17 09:53:55 511,964 ----a-w C:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 07:51:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 7:54:33
    ComboFix-quarantined-files.txt 2008-05-18 05:54:32
    ComboFix2.txt 2008-05-17 16:46:17
    ComboFix3.txt 2008-05-17 13:29:01
    ComboFix4.txt 2008-05-17 12:32:33
    ComboFix5.txt 2008-05-17 11:44:28

    Pre-Run: 33,600,544,768 octets libres
    Post-Run: 33,588,015,104 octets libres

    248 --- E O F --- 2008-05-17 13:59:10

    I hope it worked this time
    18 May 2008 08:51:20

    While I was at it, I ran HijackThis again:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:48:06, on 18/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\windows\system32\PnkBstrA.exe
    C:\Program Files\ULI5289\ULi5289.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\windows\CTHELPER.EXE
    C:\windows\System32\svchost.exe
    C:\windows\system32\CTXFIHLP.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\windows\SYSTEM32\CTXFISPI.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\wscntfy.exe
    C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/updates.aspx?RID=&APID...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

    --
    End of file - 21880 bytes

    It seems to me that the trouble with this trojan is well and truly over, isn't it??
    18 May 2008 12:40:23

    This time it looks good, yes?
    Is Nod32 working correctly?
    And ZoneAlarm? <- apparently not.
    18 May 2008 13:04:57

    This time it does indeed look good.

    Spybot was still asking me to make corrections, so I didn't bother: I completely uninstalled and reinstalled it.

    After a scan, Virtumonde is indeed no longer detected, so it must be gone.

    As for NOD32, I have just run a full scan and there were no problems.

    As for ZoneAlarm, it is a leftover from when I had it installed. At that time I had no modem/router and so needed a firewall.

    Now I have a firewall with my router.

    Once again, a huge thank you for your help.
    18 May 2008 13:19:44

    Re,

    Run HijackThis again (right-click -> Run as administrator under Vista), choose Do a system scan only, and check these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.diskeeper.com/updates/u [...] atform=x86
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O18 - Protocol: bw+0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {34D1BCC9-1AB4-4051-8C67-3B7CCB457F5C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

    Close all running applications (especially your web browser).
    Then Fix Checked!

    Run HijackThis again

  • Click Open the Misc Tools Section.
  • Choose Delete an NT Service.
  • Type TUWinStylerThemeSvc and confirm.

    Do the same with vsmon
    18 May 2008 13:24:47

    Ok

    What is TUWinStylerThemeSvc???
    18 May 2008 13:29:38

    A service.
    18 May 2008 13:40:02

    I have just done your cleanup, and after a reboot here is the new report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:37:43, on 18/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ULI5289\ULi5289.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\CTHELPER.EXE
    C:\windows\system32\CTXFIHLP.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\windows\SYSTEM32\CTXFISPI.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {984F2F13-D8B7-4A73-99AA-DA5BB0B443D7} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O20 - Winlogon Notify: hgGaXOGa - C:\windows\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

    --
    End of file - 9669 bytes

    Unfortunately WinStylerThemeSvc and vsmon refuse to go away.
    18 May 2008 14:17:00

    Re,

    Select the entire contents of the box below:
    @echo off & cls
    rem Start the report: who ran the script and when
    (echo Rapport commencé sur l'ordinateur de %username% le %date% @ %time% & echo. & echo.)>> service.log
    (echo ****** Désactivation des services ****** & echo.) >> service.log

    rem Disable each service first (errorlevel 1060 = the service does not exist)
    sc config TUWinStylerThemeSvc start= disabled
    if '%errorlevel%'=='0' echo Le service TUWinStylerThemeSvc a bien été désactivé. >> service.log
    if '%errorlevel%'=='1060' echo ! ERREUR ! Le service TUWinStylerThemeSvc n'a pas été désactivé ! >> service.log
    sc config vsmon start= disabled
    if '%errorlevel%'=='0' echo Le service vsmon a bien été désactivé. >> service.log
    if '%errorlevel%'=='1060' echo ! ERREUR ! Le service vsmon n'a pas été désactivé ! >> service.log
    (echo. & echo ****** Suppression des services ****** & echo.) >> service.log
    rem Then delete the service entries themselves
    sc delete TUWinStylerThemeSvc
    if '%errorlevel%'=='0' echo Le service TUWinStylerThemeSvc a bien été supprimé. >> service.log
    if '%errorlevel%'=='1060' echo ! ERREUR ! Le service TUWinStylerThemeSvc n'a pas été supprimé ! >> service.log
    sc delete vsmon
    if '%errorlevel%'=='0' echo Le service vsmon a bien été supprimé. >> service.log
    if '%errorlevel%'=='1060' echo ! ERREUR ! Le service vsmon n'a pas été supprimé ! >> service.log
    (echo. & echo Rapport terminé à %time%) >> service.log
    rem Open the report, then delete the file
    service.log & del service.log
    exit

    Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc-notes).
    Save it to your desktop as Correction.bat
    Double-click it. Post the report it generates (if there is one).

    The infection has come back ..
    18 Mai 2008 15:19:24

    The infection has come back???

    I don't see anything abnormal in the machine's behaviour!!
    18 Mai 2008 15:44:32

    Here is the report from your bat file:

    Rapport commencé sur l'ordinateur de Fred le 18/05/2008 @ 15:43:55,12


    ****** Désactivation des services ******

    Le service TUWinStylerThemeSvc a bien été désactivé.
    Le service vsmon a bien été désactivé.

    ****** Suppression des services ******

    Le service TUWinStylerThemeSvc a bien été supprimé.
    Le service vsmon a bien été supprimé.

    Rapport terminé à 15:43:55,73
    18 Mai 2008 15:46:17

    And here is the HijackThis report made right afterwards:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:45:12, on 18/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ULI5289\ULi5289.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\CTHELPER.EXE
    C:\windows\system32\CTXFIHLP.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\windows\SYSTEM32\CTXFISPI.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\windows\system32\PnkBstrA.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\WinHTTrack\WinHTTrack.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {984F2F13-D8B7-4A73-99AA-DA5BB0B443D7} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O20 - Winlogon Notify: hgGaXOGa - C:\windows\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

    --
    End of file - 9472 bytes
    18 Mai 2008 16:47:44

    Hi again,

    Let's start over ..

    Run ComboFix again and post its report.
    18 Mai 2008 17:44:03

    Here is the new ComboFix report (safe mode with networking)

    ComboFix 08-05-15.3 - Fred 2008-05-18 17:31:29.8 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.785 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 11:01 . 2008-05-18 11:01 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
    2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
    2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-18 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-18 07:58 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=DevDetect.exe -autorun
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 17:34:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 17:36:51
    ComboFix-quarantined-files.txt 2008-05-18 15:36:49
    ComboFix2.txt 2008-05-18 05:54:34
    ComboFix3.txt 2008-05-17 16:46:17
    ComboFix4.txt 2008-05-17 13:29:01
    ComboFix5.txt 2008-05-17 12:32:33

    Pre-Run: 37,097,115,648 octets libres
    Post-Run: 37,087,371,264 octets libres

    216 --- E O F --- 2008-05-17 13:59:10
    18 Mai 2008 18:00:21

    Hi again,

    Select the entire contents of the box below:

    DirLook::
    C:\WINDOWS\Club PoM

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Device Detector"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaXOGa]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984F2F13-D8B7-4A73-99AA-DA5BB0B443D7}]


    This will relaunch ComboFix. After the restart, post the contents of the ComboFix.txt report.
    If there is no restart, post the report anyway.

  • Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your desktop as CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the restart, if there is one.
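The leftovers removed in this thread (services marked "(file missing)", BHOs marked "(no file)", and the Winlogon Notify entry whose path stops at a directory) can be pulled out of a HijackThis log mechanically. This is an added example, not part of the original posts: the sample lines are copied from the HijackThis logs above, while the function names and the bare-directory heuristic for O20 entries are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {984F2F13-D8B7-4A73-99AA-DA5BB0B443D7} - (no file)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O20 - Winlogon Notify: hgGaXOGa - C:\windows\
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
"""

NO_FILE = "no file"
FILE_MISSING = "file missing"
BARE_DIRECTORY = "path is a bare directory"  # heuristic assumed by this example


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O23"
    ident: str    # CLSID, service short name, or entry name
    reason: str


# "O23 - Service: <rest>"  ->  section, kind, rest
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")


def identify(section: str, rest: str) -> str:
    """Return the handle a cleanup step would act on for this entry."""
    clsid = CLSID_RE.search(rest)
    if clsid:
        return clsid.group(0)
    name = rest.split(" - ", 1)[0].strip()
    if section == "O23":
        # O23 shows "Display name (ShortName)"; sc.exe works on the short name.
        short = SHORT_NAME_RE.search(name)
        if short:
            return short.group(1)
    return name


def orphan_reason(section: str, rest: str) -> Optional[str]:
    """Explain why an entry points at nothing loadable, or return None."""
    if rest.endswith("(no file)"):
        return NO_FILE
    if rest.endswith("(file missing)"):
        return FILE_MISSING
    if section == "O20" and rest.split(" - ", 1)[-1].endswith("\\"):
        return BARE_DIRECTORY
    return None


def triage(log_text: str) -> List[Finding]:
    """Collect every entry whose target file is absent or incomplete."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, R0/R1 lines, entries without ": "
        section, _kind, rest = match.groups()
        rest = rest.strip()
        reason = orphan_reason(section, rest)
        if reason:
            findings.append(Finding(section, identify(section, rest), reason))
    return findings


def orphaned_services(findings: List[Finding]) -> List[str]:
    """Short names of services (O23) whose binary is gone."""
    return [f.ident for f in findings if f.section == "O23"]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4} {finding.ident:<40} {finding.reason}")
```

A "(file missing)" flag only means HijackThis did not find the file at the recorded path, so each hit is a candidate to verify before anything is disabled or deleted.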
    18 Mai 2008 18:19:01

    Here is the new report:

    ComboFix 08-05-15.3 - Fred 2008-05-18 18:06:11.9 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.784 [GMT 2:00]
    Endroit: C:\Documents and Settings\Fred\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Fred\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 11:01 . 2008-05-18 11:01 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-17 21:03 . 2008-05-17 21:03 <REP> d-------- C:\Documents and Settings\Fred\DoctorWeb
    2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
    2008-05-17 19:26 . 2008-05-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-17 09:24 . 2008-05-17 11:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-08 18:00 . 2008-05-08 18:00 <REP> d-------- C:\WINDOWS\Club PoM
    2008-05-08 18:00 . 2008-05-08 18:00 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-05-08 17:59 . 2008-05-08 17:59 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\templates
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Setup
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\rpplugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\producer
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\plugins
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Netscape6
    2008-05-05 19:09 . 2008-05-05 19:31 <REP> d-------- C:\Program Files\library
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\Devices
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\DataCache
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\CDBurning
    2008-05-05 19:09 . 2008-05-05 19:09 <REP> d-------- C:\Program Files\browserrecord
    2008-05-05 19:09 . 2008-05-05 19:09 719,360 --a------ C:\Program Files\dbghelp.dll
    2008-05-05 19:09 . 2008-05-05 19:09 692,224 --a------ C:\Program Files\dtdr3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 659,456 --a------ C:\Program Files\rjbres.dll
    2008-05-05 19:09 . 2008-05-05 19:09 339,968 --a------ C:\Program Files\rjdlg.dll
    2008-05-05 19:09 . 2008-05-05 19:09 308,856 --a------ C:\Program Files\rpbrowserrecordplugin.dll
    2008-05-05 19:09 . 2008-05-05 19:09 214,560 --a------ C:\Program Files\realplay.exe
    2008-05-05 19:09 . 2008-05-05 19:09 153,176 --a------ C:\Program Files\RecordingManager.exe
    2008-05-05 19:09 . 2008-05-05 19:09 139,264 --a------ C:\Program Files\DUNZIP32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 102,400 --a------ C:\Program Files\HXAudioDeviceHook.dll
    2008-05-05 19:09 . 2008-05-05 19:09 98,304 --a------ C:\Program Files\rpshellextension.dll
    2008-05-05 19:09 . 2008-05-05 19:09 95,816 --a------ C:\Program Files\rdsf3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 86,016 --a------ C:\Program Files\rpplugprot.dll
    2008-05-05 19:09 . 2008-05-05 19:09 81,920 --a------ C:\Program Files\tsasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 65,536 --a------ C:\Program Files\rjwmapln.dll
    2008-05-05 19:09 . 2008-05-05 19:09 63,040 --a------ C:\Program Files\rpshell.dll
    2008-05-05 19:09 . 2008-05-05 19:09 57,344 --a------ C:\Program Files\tpasdk.dll
    2008-05-05 19:09 . 2008-05-05 19:09 53,248 --a------ C:\Program Files\rpau3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 43,088 --a------ C:\Program Files\rpshellsearch.dll
    2008-05-05 19:09 . 2008-05-05 19:09 41,472 --a------ C:\Program Files\mmcdda32.dll
    2008-05-05 19:09 . 2008-05-05 19:09 36,352 --a------ C:\Program Files\ierjplug.dll
    2008-05-05 19:09 . 2008-05-05 19:09 32,768 --a------ C:\Program Files\rpwa3260.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\tnetdtct.dll
    2008-05-05 19:09 . 2008-05-05 19:09 19,456 --a------ C:\Program Files\rjprog.dll
    2008-05-05 19:09 . 2008-05-05 19:09 14,336 --a------ C:\Program Files\wmdmhelper.dll
    2008-05-05 19:09 . 2008-05-05 19:09 9,216 --a------ C:\Program Files\rphelperapp.exe
    2008-05-05 19:09 . 2008-05-05 19:09 7,168 --a------ C:\Program Files\realjbox.exe
    2008-05-05 19:09 . 2008-05-05 19:09 6,656 --a------ C:\Program Files\fixrjb.exe
    2008-05-05 19:09 . 2008-05-05 19:09 1,001 --a------ C:\Program Files\autoplaylist.dat
    2008-05-05 19:09 . 2008-05-05 19:09 685 --a------ C:\Program Files\RecordingManager.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 682 --a------ C:\Program Files\realplay.exe.manifest
    2008-05-05 19:09 . 2008-05-05 19:09 480 --a------ C:\Program Files\keys.dat
    2008-05-05 19:09 . 2008-05-05 19:09 221 --a------ C:\Program Files\subscription.rnx
    2008-05-05 19:09 . 2008-05-05 19:09 71 --a------ C:\Program Files\strs23.dat
    2008-05-05 19:09 . 2008-05-05 19:09 15 --a------ C:\Program Files\strs26.dat
    2008-04-20 13:44 . 2008-04-20 13:44 <REP> d-------- C:\Documents and Settings\Fred\Application Data\Unigraphics Solutions
    2008-04-20 13:30 . 2008-04-20 13:35 <REP> d-------- C:\Program Files\Solid Edge V12
    2008-04-19 14:40 . 2008-05-01 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-18 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-18 07:58 --------- d-----w C:\Documents and Settings\Fred\Application Data\XnView
    2008-05-15 20:17 --------- d-----w C:\Program Files\FlashFXP
    2008-05-14 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-05-04 18:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-01 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-28 17:33 --------- d-----w C:\Documents and Settings\Fred\Application Data\Vso
    2008-04-20 10:20 --------- d-----w C:\Program Files\Google SketchUp 6
    2008-03-29 19:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-03-25 04:51 621,344 ----a-w C:\windows\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\windows\system32\msjint40.dll
    2008-03-24 12:46 --------- d-----w C:\Program Files\MP3toringtone
    2008-03-20 08:09 1,845,376 ----a-w C:\windows\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\windows\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\windows\system32\dnsrslvr.dll
    2007-09-09 09:03 47,360 ----a-w C:\Documents and Settings\Fred\Application Data\pcouffin.sys
    2007-04-16 15:53 192 --sh--r C:\windows\inf\sdatabl.sav.bin
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\Club PoM ----

    2008-05-08 18:01 652 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Utilisateurs\Xx.UTL
    2008-05-08 18:01 300 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Préférences.PRF
    1999-04-15 17:43 26817 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX004.KR2
    1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX003.KR2
    1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX002.KR2
    1999-04-15 17:42 39587 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX001.KR2
    1999-04-15 17:42 37033 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX005.KR2
    1999-04-15 17:42 20432 --a------ C:\WINDOWS\Club PoM\LIRE\Préférences\Exercices\EX006.KR2


    ((((((((((((((((((((((((((((( snapshot@2008-05-18_17.36.44,85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-18 15:30:21 2,048 --s-a-w C:\windows\bootstat.dat
    + 2008-05-18 16:04:48 2,048 --s-a-w C:\windows\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ULiRaid5289"="C:\Program Files\ULI5289\ULi5289.exe" [2005-06-07 15:16 409600]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
    "CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-12 17:35 921600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-05-06 08:29:21 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\windows\pss\Démarrage d'Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
    backup=C:\windows\pss\Microsoft Recherche accélérée.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "EVEREST AutoStart"=C:\Program Files\Everest Ultimate Edition v.3.0\everest.exe
    "ctfmon.exe"=C:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Jeux\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\Jeux\\Hellgate London\\Launcher.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Jeux\\Battlefield 2142\\BF2142.exe"=
    "C:\\ijji\\ENGLISH\\u_skid.exe"=
    "C:\\Jeux\\DriftCity\\DriftCity.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
    "C:\\Jeux\\TmUnitedForever\\TmForever.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8352:TCP"= 8352:TCP:BitComet 8352 TCP
    "8352:UDP"= 8352:UDP:BitComet 8352 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 m5289;m5289;C:\windows\system32\drivers\m5289.sys [2005-07-04 14:21]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\windows\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
    R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\drivers\lccfltr.sys [2004-03-03 10:50]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
    S1 oreans32;oreans32;C:\windows\system32\drivers\oreans32.sys [2007-07-21 08:50]
    S2 UxTuneUp;Extension de conception TuneUp;C:\windows\System32\svchost.exe [2004-08-19 16:10]
    S3 ha20x2k;Creative 20X HAL Driver;C:\windows\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
    S3 hamachi_oem;PlayLinc Adapter;C:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 13:11]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 15:16:03 C:\windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 18:08:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 18:11:06
    ComboFix-quarantined-files.txt 2008-05-18 16:11:04
    ComboFix2.txt 2008-05-18 15:36:51
    ComboFix3.txt 2008-05-18 05:54:34
    ComboFix4.txt 2008-05-17 16:46:17
    ComboFix5.txt 2008-05-17 13:29:01

    Pre-Run: 37,067,100,160 octets libres
    Post-Run: 37,057,712,128 octets libres

    229 --- E O F --- 2008-05-17 13:59:10
    18 May 2008 18:38:37

    That looks OK,

    post a new HijackThis log.
    18 May 2008 19:26:31

    Here is the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:25:25, on 18/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\windows\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\ULI5289\ULi5289.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\windows\CTHELPER.EXE
    C:\windows\system32\CTXFIHLP.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\windows\SYSTEM32\CTXFISPI.EXE
    C:\windows\system32\ctfmon.exe
    C:\windows\system32\PnkBstrA.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Fred\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ULiRaid5289] C:\Program Files\ULI5289\ULi5289.exe
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

    --
    End of file - 9175 bytes
    18 May 2008 20:16:32

    Re,

    Download Clean (by Malekal) to your Desktop.

  • Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
  • Double-click Clean.cmd. (The cmd extension may not be displayed.) This will open a black window.
  • A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
  • Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    Help: How to use Clean.
    18 May 2008 21:42:53

    There, I am currently sending the file C:\upload_moi_MINUS.tar.gz (17 MB) to the site you pointed me to.

    Here is the Clean report:

    18/05/2008 a 21:31:48,10

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\windows\

    *** Recherche des fichiers dans C:\windows\system32
    C:\windows\system32\SpoonUninstall.exe FOUND

    *** Recherche des fichiers dans C:\Program Files
    18 May 2008 21:46:52

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never start safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.

    **********

    Still in safe mode:

  • Run Clean again
  • Choose option 2 this time and post the report.
  • The report is located here: C:\rapport_clean.txt

    Help: How to use Clean.
    19 May 2008 09:50:42

    OK, thanks

    I will do this this evening and give you the results
    19 May 2008 19:04:31

    So here are the two reports you asked me for:

    Malwarebytes's:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 762

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 192819
    Temps écoulé: 58 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Clean:

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 19/05/2008 a 18:57:11,21

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\windows\

    *** Suppression des fichiers dans C:\windows\system32
    tentative de suppression de C:\windows\system32\SpoonUninstall.exe

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    19 May 2008 21:16:03

    Good evening

    XmichouX is away for a few days, so we are taking over his threads

    ~ Run an online antivirus scan on the Kaspersky site
    http://webscanner.kaspersky.fr/

    ~ Click Online Scanner.
    ~ Accept the installation of the ActiveX control by clicking the Install button.

    ~ Select "Poste de travail" (My Computer) as the scan target.

    ~ Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Give it a name; you will copy and paste it into your next reply.

    Online scan tutorial
    19 May 2008 21:56:40

    Thanks.

    I am starting the scan and will send the report as soon as it is available.
    19 May 2008 22:58:48

    no problem :)
    20 May 2008 07:57:45

    The scan ran all night, it found some things, but I cannot get to the option to save the report!!!!!!
    20 May 2008 09:59:08

    Question:

    Would it not be better for me to install a trial version of Kaspersky (I would temporarily disable Nod32) and run a scan and a cleanup???
    20 May 2008 17:10:32

    hello
    as you wish, what I mainly want is to see a scan report :)
    20 May 2008 18:40:43

    Phew, I started the online scan at noon and I was able to get the report:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, May 20, 2008 6:26:44 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 20/05/2008
    Enregistrements dans la base antivirus Kaspersky : 702681
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Statistiques de l'analyse:
    Total d'objets analysés: 391700
    Nombre de virus trouvés: 5
    Nombre d'objets infectés: 26 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 05:26:15

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\All Users\Application Data\Creative\CADI\Preset\PCI_BUS1102-5-211102-DC00.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da73b6f24562fbf94438ac5748f1ff59_268f2781-b19d-405b-a42e-332a5fb82615 L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f4df0c777cfadc01c593d8ae76a75681_268f2781-b19d-405b-a42e-332a5fb82615 L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Application Data\$_hpcst$.hpc L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\UserData\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\DoctorWeb\Quarantine\F1ONNKBA.NQF Infecté : Trojan.Win32.Obfuscated.en ignoré
    C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Historique\History.IE5\MSHist012008052020080521\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Temp\WCESLog.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Fred\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\itouch_crash_info.txt L'objet est verrouillé ignoré
    C:\Program Files\Creative\ShareDLL\CADI\CTPLang.dat L'objet est verrouillé ignoré
    C:\Program Files\ESET\cache\CACHE.NDB L'objet est verrouillé ignoré
    C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe/data0008 Infecté : Trojan-Downloader.Win32.Agent.jsc ignoré
    C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe/data0012 Infecté : Trojan-Downloader.Win32.PurityScan.fy ignoré
    C:\Program Files\ESET\infected\TYRLOMDA.NQF/addon.exe Infecté : Trojan-Downloader.Win32.PurityScan.fy ignoré
    C:\Program Files\ESET\infected\TYRLOMDA.NQF RAR: infecté - 3 ignoré
    C:\Program Files\ESET\infected\TYRLOMDA.NQF PE-Crypt.XorPE: infecté - 3 ignoré
    C:\Program Files\ESET\logs\virlog.dat L'objet est verrouillé ignoré
    C:\Program Files\ESET\logs\warnlog.dat L'objet est verrouillé ignoré
    C:\Program Files\Microsoft Office\Modèles\Normal.dot L'objet est verrouillé ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\ehmclstl.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\feubjauh.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\iwlwmrns.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\olxnshug.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\qlebnpgw.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\uutpbtba.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP663\A0128291.dll Infecté : Trojan.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP664\A0128449.dll Infecté : Trojan.Win32.Monder.gen ignoré
    C:\System Volume Information\_restore{7CF306FA-A981-48CE-A5A9-4A67574EB29F}\RP666\change.log L'objet est verrouillé ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ehmclstl.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/feubjauh.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/iwlwmrns.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/olxnshug.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/qlebnpgw.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/uutpbtba.dll.vir Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz/upload_moi.tar Infecté : Trojan.Win32.Monder.gen ignoré
    C:\upload_moi_MINUS.tar.gz GZIP: infecté - 7 ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    G:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    Analyse terminée.
    20 May 2008 18:54:36

    Hi again

    It's OK

    Any other problems?
    20 May 2008 19:03:02

    No, all good

    Should I delete the C:\QooBox\ directory or other files to clean all this up???
