[Solved] PC infected by: Packed.Win32.Monder.gen

22 April 2008 17:52:15

Hello everyone,

I have a problem with my PC: it is infected. I have deleted it several times, and when I scan the PC again, this thing is still there :cry:

After a restart, a message always appears:

I have tried quite a few things, but it is still infected :cry: .
I did some research, but I think asking directly would be better.

Thank you in advance for your help.
Bye :hello:

22 April 2008 18:05:12

You are very fast!!
Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:21, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.carrefour.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Ball aim.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [3073c4d6] rundll32.exe "C:\WINDOWS\system32\hruccgma.dll",b
O4 - HKLM\..\Run: [BM3340f74a] Rundll32.exe "C:\WINDOWS\system32\iskwilnv.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Flag 1] C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12427 bytes
22 April 2008 18:09:14

Hi again,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
    22 April 2008 18:20:09

    Here is the report, as you asked.
    PS: The Desktop still does not appear after doing that.
    Thanks for your help, Angeldark

    -----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Sel‡uk ] [ "C:\Lop SD" ]
    [ 22/04/2008 | 18:12:05,53 ] [ PC : OEM-2B7087C8C3D ]
    [ MAJ : 21-04-2008 | 19:45 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [02/05/2006|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [11/04/2008|19:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
    [21/04/2008|14:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [28/04/2006|09:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [02/05/2006|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [02/05/2006|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [02/05/2006|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [02/05/2006|12:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [22/04/2008|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [22/04/2008|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [18/04/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [02/05/2006|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [11/04/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [22/04/2008|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [22/04/2008|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [21/04/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [11/04/2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [11/04/2008|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
    [02/05/2006|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [11/04/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [11/04/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [11/04/2008|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [17/04/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11/04/2008|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [14/04/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/04/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [02/05/2006|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [02/05/2006|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [11/04/2008|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [18/04/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [02/05/2006|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [02/05/2006|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [11/04/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [11/04/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
    [11/04/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [02/05/2006|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [11/04/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
    [21/04/2008|14:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [28/04/2006|09:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [02/05/2006|13:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [02/05/2006|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/05/2006|12:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [02/05/2006|12:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
    [11/04/2008|20:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/05/2006|10:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [16/04/2008|03:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\.
    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\..
    [22/04/2008|18:04] C:\DOCUME~1\SELUK~1\APPLIC~1\.googlewebacchosts
    [17/04/2008|16:12] C:\DOCUME~1\SELUK~1\APPLIC~1\Adobe
    [17/04/2008|14:09] C:\DOCUME~1\SELUK~1\APPLIC~1\AdobeUM
    [11/04/2008|19:50] C:\DOCUME~1\SELUK~1\APPLIC~1\AOL
    [22/04/2008|13:14] C:\DOCUME~1\SELUK~1\APPLIC~1\Apple Computer
    [21/04/2008|15:04] C:\DOCUME~1\SELUK~1\APPLIC~1\ATI
    [12/04/2008|11:03] C:\DOCUME~1\SELUK~1\APPLIC~1\Auslogics
    [02/05/2006|13:56] C:\DOCUME~1\SELUK~1\APPLIC~1\CyberLink
    [11/04/2008|22:22] C:\DOCUME~1\SELUK~1\APPLIC~1\DAEMON Tools
    [18/04/2008|19:56] C:\DOCUME~1\SELUK~1\APPLIC~1\Datalayer
    [28/04/2006|11:18] C:\DOCUME~1\SELUK~1\APPLIC~1\desktop.ini
    [11/04/2008|22:44] C:\DOCUME~1\SELUK~1\APPLIC~1\F-Secure
    [11/04/2008|20:22] C:\DOCUME~1\SELUK~1\APPLIC~1\GRETECH
    [16/04/2008|20:30] C:\DOCUME~1\SELUK~1\APPLIC~1\Help
    [28/04/2006|09:38] C:\DOCUME~1\SELUK~1\APPLIC~1\Identities
    [11/04/2008|22:41] C:\DOCUME~1\SELUK~1\APPLIC~1\ispnews
    [20/04/2008|23:47] C:\DOCUME~1\SELUK~1\APPLIC~1\LimeWire
    [02/05/2006|13:10] C:\DOCUME~1\SELUK~1\APPLIC~1\Macromedia
    [14/04/2008|17:24] C:\DOCUME~1\SELUK~1\APPLIC~1\Media Player Classic
    [11/04/2008|23:34] C:\DOCUME~1\SELUK~1\APPLIC~1\Microsoft
    [11/04/2008|20:08] C:\DOCUME~1\SELUK~1\APPLIC~1\Mozilla
    [12/04/2008|11:21] C:\DOCUME~1\SELUK~1\APPLIC~1\MuralPix
    [11/04/2008|22:08] C:\DOCUME~1\SELUK~1\APPLIC~1\Nero
    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\Nokia Multimedia Player
    [11/04/2008|22:22] C:\DOCUME~1\SELUK~1\APPLIC~1\Notepad++
    [11/04/2008|21:19] C:\DOCUME~1\SELUK~1\APPLIC~1\OpenOffice.org2
    [18/04/2008|15:18] C:\DOCUME~1\SELUK~1\APPLIC~1\PC Suite
    [11/04/2008|20:35] C:\DOCUME~1\SELUK~1\APPLIC~1\road about owns
    [11/04/2008|21:32] C:\DOCUME~1\SELUK~1\APPLIC~1\ScanSoft
    [14/04/2008|21:01] C:\DOCUME~1\SELUK~1\APPLIC~1\SecuROM
    [02/05/2006|12:10] C:\DOCUME~1\SELUK~1\APPLIC~1\Sun
    [12/04/2008|00:06] C:\DOCUME~1\SELUK~1\APPLIC~1\SystemRequirementsLab
    [12/04/2008|16:04] C:\DOCUME~1\SELUK~1\APPLIC~1\TeamViewer
    [22/04/2008|14:56] C:\DOCUME~1\SELUK~1\APPLIC~1\uTorrent
    [11/04/2008|20:54] C:\DOCUME~1\SELUK~1\APPLIC~1\vlc
    [11/04/2008|20:15] C:\DOCUME~1\SELUK~1\APPLIC~1\WinRAR
    [02/05/2006|12:02] C:\DOCUME~1\SELUK~1\APPLIC~1\You've Got Pictures Screensaver

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [22/04/2008 13:03][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [22/04/2008 02:02][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
    [22/04/2008 18:00][--ah-----] C:\WINDOWS\tasks\AF85952C91AE0728.job
    [22/04/2008 17:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [22/04/2008|18:01] C:\Program Files\.
    [22/04/2008|18:01] C:\Program Files\..
    [18/04/2008|22:05] C:\Program Files\Adobe
    [13/04/2008|22:12] C:\Program Files\Alcohol Soft
    [16/04/2008|16:23] C:\Program Files\Amadis Software
    [11/04/2008|22:38] C:\Program Files\AntivirusFirewall
    [22/04/2008|13:03] C:\Program Files\Apple Software Update
    [11/04/2008|21:30] C:\Program Files\ArcSoft
    [21/04/2008|14:59] C:\Program Files\ATI Technologies
    [12/04/2008|11:03] C:\Program Files\Auslogics
    [11/04/2008|22:35] C:\Program Files\CA
    [11/04/2008|21:34] C:\Program Files\Canon
    [11/04/2008|21:28] C:\Program Files\CanonBJ
    [11/04/2008|20:09] C:\Program Files\CCleaner
    [17/04/2008|18:36] C:\Program Files\Circle Developement
    [02/05/2006|10:14] C:\Program Files\Common Files
    [02/05/2006|12:07] C:\Program Files\CyberLink
    [11/04/2008|22:40] C:\Program Files\DAEMON Tools Lite
    [19/04/2008|02:48] C:\Program Files\DVDVideoSoft
    [22/04/2008|13:13] C:\Program Files\Fichiers communs
    [18/04/2008|22:53] C:\Program Files\Google
    [11/04/2008|20:28] C:\Program Files\GRETECH
    [12/04/2008|10:53] C:\Program Files\inKline Global
    [21/04/2008|14:59] C:\Program Files\InstallShield Installation Information
    [02/05/2006|10:51] C:\Program Files\Intel
    [12/04/2008|10:39] C:\Program Files\Internet Explorer
    [22/04/2008|13:14] C:\Program Files\iPod
    [22/04/2008|13:14] C:\Program Files\iTunes
    [11/04/2008|22:13] C:\Program Files\Java
    [18/04/2008|22:15] C:\Program Files\K-Lite Codec Pack
    [15/04/2008|21:53] C:\Program Files\KONAMI
    [17/04/2008|23:52] C:\Program Files\Lavasoft
    [02/05/2006|12:02] C:\Program Files\Learn2.com
    [11/04/2008|20:18] C:\Program Files\LimeWire
    [02/05/2006|11:23] C:\Program Files\Messenger
    [11/04/2008|20:34] C:\Program Files\Messenger Plus! Live
    [13/04/2008|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [28/04/2006|09:30] C:\Program Files\microsoft frontpage
    [11/04/2008|21:04] C:\Program Files\Microsoft LifeCam
    [11/04/2008|23:37] C:\Program Files\Microsoft Plus! Digital Media Edition
    [28/04/2006|09:27] C:\Program Files\Movie Maker
    [22/04/2008|17:25] C:\Program Files\Mozilla Firefox
    [28/04/2006|09:22] C:\Program Files\MSN
    [28/04/2006|09:23] C:\Program Files\MSN Gaming Zone
    [13/04/2008|03:01] C:\Program Files\MSXML 4.0
    [12/04/2008|11:21] C:\Program Files\MuralPix
    [11/04/2008|22:06] C:\Program Files\Nero
    [11/04/2008|22:09] C:\Program Files\NeroInstall.bak
    [28/04/2006|09:27] C:\Program Files\NetMeeting
    [21/04/2008|21:34] C:\Program Files\Nokia
    [11/04/2008|20:32] C:\Program Files\Notepad++
    [28/04/2006|09:25] C:\Program Files\Online Services
    [11/04/2008|21:11] C:\Program Files\OpenOffice.org 2.4
    [11/04/2008|22:20] C:\Program Files\Outlook Express
    [14/04/2008|15:18] C:\Program Files\QuickTime
    [02/05/2006|12:02] C:\Program Files\Real
    [11/04/2008|20:34] C:\Program Files\road about owns
    [11/04/2008|21:32] C:\Program Files\ScanSoft
    [28/04/2006|09:28] C:\Program Files\Services en ligne
    [18/04/2008|20:50] C:\Program Files\Spybot - Search & Destroy
    [12/04/2008|00:06] C:\Program Files\SystemRequirementsLab
    [12/04/2008|15:55] C:\Program Files\TeamViewer3
    [21/04/2008|00:58] C:\Program Files\Torrents Open Registrations Checker
    [21/04/2008|00:58] C:\Program Files\Tracker Checker 2
    [22/04/2008|18:01] C:\Program Files\Trend Micro
    [12/04/2008|10:39] C:\Program Files\Uninstall Information
    [15/04/2008|02:53] C:\Program Files\uTorrent
    [11/04/2008|20:43] C:\Program Files\VideoLAN
    [02/05/2006|12:02] C:\Program Files\Viewpoint
    [02/05/2006|11:18] C:\Program Files\Windows Journal Viewer
    [11/04/2008|20:02] C:\Program Files\Windows Live
    [11/04/2008|20:52] C:\Program Files\Windows Media Connect 2
    [16/04/2008|19:27] C:\Program Files\Windows Media Player
    [28/04/2006|09:23] C:\Program Files\Windows NT
    [28/04/2006|09:24] C:\Program Files\Windows Plus
    [11/04/2008|20:16] C:\Program Files\WinRAR
    [02/05/2006|10:14] C:\Program Files\X10 Hardware
    [28/04/2006|09:30] C:\Program Files\xerox
    [11/04/2008|20:09] C:\Program Files\Yahoo!
    [17/04/2008|17:20] C:\Program Files\Zards software

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [22/04/2008|13:13] C:\Program Files\Fichiers communs\.
    [22/04/2008|13:13] C:\Program Files\Fichiers communs\..
    [18/04/2008|22:06] C:\Program Files\Fichiers communs\Adobe
    [11/04/2008|19:52] C:\Program Files\Fichiers communs\AOL
    [11/04/2008|19:51] C:\Program Files\Fichiers communs\aolshare
    [22/04/2008|13:13] C:\Program Files\Fichiers communs\Apple
    [19/04/2008|02:49] C:\Program Files\Fichiers communs\DVDVideoSoft
    [21/04/2008|14:55] C:\Program Files\Fichiers communs\InstallShield
    [02/05/2006|11:56] C:\Program Files\Fichiers communs\Java
    [15/04/2008|00:37] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/04/2006|09:27] C:\Program Files\Fichiers communs\MSSoap
    [11/04/2008|22:07] C:\Program Files\Fichiers communs\Nero
    [21/04/2008|21:33] C:\Program Files\Fichiers communs\Nokia
    [02/05/2006|12:02] C:\Program Files\Fichiers communs\Nullsoft
    [21/04/2008|21:33] C:\Program Files\Fichiers communs\PCSuite
    [02/05/2006|12:02] C:\Program Files\Fichiers communs\Real
    [11/04/2008|21:32] C:\Program Files\Fichiers communs\ScanSoft Shared
    [28/04/2006|09:27] C:\Program Files\Fichiers communs\Services
    [28/04/2006|11:18] C:\Program Files\Fichiers communs\SpeechEngines
    [11/04/2008|22:20] C:\Program Files\Fichiers communs\System
    [11/04/2008|20:02] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [18/04/2008|20:51] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\SELUK~1\LOCALS~1\Temp\bis243.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\Ball aim.exe
    C:\Program Files\Circle Developement
    C:\WINDOWS\Tasks\AF85952C91AE0728.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Base frag grid bows"="C:\\Documents and Settings\\All Users\\Application Data\\Cast ping base frag\\Ball aim.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    -> 8251 ( 70 ## added by CiD )

    /!\ 2 Not 127.0.0.1 !!

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 18:12:52
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\system32\hgNnmnmp.ini2
    C:\WINDOWS\system32\hOWENqru.ini2
    C:\WINDOWS\system32\ilkUDJjl.ini2
    C:\WINDOWS\system32\IPprqqru.ini2
    C:\WINDOWS\system32\VCMUFfhk.ini2
    ! VUNDO Possible !


    /!\ [Fich:358][Doss:52] C:\DOCUME~1\SELUK~1\LOCALS~1\Temp
    /!\ [Fich:38][Doss:0] C:\DOCUME~1\SELUK~1\Cookies
    /!\ [Fich:1531][Doss:5] C:\DOCUME~1\SELUK~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:13:50,75 ]----------------------
    22 April 2008 18:38:22

    Re,

    Run Lop S&D again

  • This time choose Option 2 (Suppression)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
    22 April 2008 18:50:29

    I still can't see the Desktop; I did exactly as you said but I can't get to the Desktop.

    But I managed to do what you told me, and here is the report

    PS: I will only be able to reply after 21:00, because I have training lol so I have to go. But you can keep telling me what to do; I will do it as soon as I get back
    In any case, thanks for your help


    -----------------------[ Lop S&D 4.1.1-6 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Selçuk ] [ "C:\Lop SD" ]
    [ 22/04/2008 | 18:43:25,23 ] [ PC : OEM-2B7087C8C3D ]
    [ MAJ : 21-04-2008 | 19:45 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\Ball aim.exe
    Supprimé! - C:\WINDOWS\Tasks\AF85952C91AE0728.job
    Supprimé! - C:\DOCUME~1\SELUK~1\LOCALS~1\Temp\bis243.exe
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
    Supprimé! - C:\Program Files\Circle Developement
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [02/05/2006|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [11/04/2008|19:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
    [21/04/2008|14:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    [02/05/2006|13:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [28/04/2006|09:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [02/05/2006|13:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [02/05/2006|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [02/05/2006|12:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [02/05/2006|12:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [22/04/2008|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [22/04/2008|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [18/04/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [02/05/2006|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [11/04/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [22/04/2008|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [22/04/2008|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [21/04/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
    [11/04/2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
    [02/05/2006|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [11/04/2008|22:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [11/04/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [11/04/2008|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [17/04/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [11/04/2008|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [14/04/2008|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11/04/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [02/05/2006|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [02/05/2006|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [11/04/2008|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    [18/04/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [02/05/2006|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [02/05/2006|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [11/04/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [11/04/2008|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
    [11/04/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [02/05/2006|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [11/04/2008|19:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
    [21/04/2008|14:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
    [02/05/2006|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
    [28/04/2006|11:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [28/04/2006|09:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [02/05/2006|13:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [02/05/2006|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [02/05/2006|12:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [02/05/2006|12:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [21/04/2008|15:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
    [11/04/2008|20:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [02/05/2006|10:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/04/2006|09:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [16/04/2008|03:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\.
    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\..
    [22/04/2008|18:34] C:\DOCUME~1\SELUK~1\APPLIC~1\.googlewebacchosts
    [17/04/2008|16:12] C:\DOCUME~1\SELUK~1\APPLIC~1\Adobe
    [17/04/2008|14:09] C:\DOCUME~1\SELUK~1\APPLIC~1\AdobeUM
    [11/04/2008|19:50] C:\DOCUME~1\SELUK~1\APPLIC~1\AOL
    [22/04/2008|13:14] C:\DOCUME~1\SELUK~1\APPLIC~1\Apple Computer
    [21/04/2008|15:04] C:\DOCUME~1\SELUK~1\APPLIC~1\ATI
    [12/04/2008|11:03] C:\DOCUME~1\SELUK~1\APPLIC~1\Auslogics
    [02/05/2006|13:56] C:\DOCUME~1\SELUK~1\APPLIC~1\CyberLink
    [11/04/2008|22:22] C:\DOCUME~1\SELUK~1\APPLIC~1\DAEMON Tools
    [18/04/2008|19:56] C:\DOCUME~1\SELUK~1\APPLIC~1\Datalayer
    [28/04/2006|11:18] C:\DOCUME~1\SELUK~1\APPLIC~1\desktop.ini
    [11/04/2008|22:44] C:\DOCUME~1\SELUK~1\APPLIC~1\F-Secure
    [11/04/2008|20:22] C:\DOCUME~1\SELUK~1\APPLIC~1\GRETECH
    [16/04/2008|20:30] C:\DOCUME~1\SELUK~1\APPLIC~1\Help
    [28/04/2006|09:38] C:\DOCUME~1\SELUK~1\APPLIC~1\Identities
    [11/04/2008|22:41] C:\DOCUME~1\SELUK~1\APPLIC~1\ispnews
    [20/04/2008|23:47] C:\DOCUME~1\SELUK~1\APPLIC~1\LimeWire
    [02/05/2006|13:10] C:\DOCUME~1\SELUK~1\APPLIC~1\Macromedia
    [14/04/2008|17:24] C:\DOCUME~1\SELUK~1\APPLIC~1\Media Player Classic
    [11/04/2008|23:34] C:\DOCUME~1\SELUK~1\APPLIC~1\Microsoft
    [11/04/2008|20:08] C:\DOCUME~1\SELUK~1\APPLIC~1\Mozilla
    [12/04/2008|11:21] C:\DOCUME~1\SELUK~1\APPLIC~1\MuralPix
    [11/04/2008|22:08] C:\DOCUME~1\SELUK~1\APPLIC~1\Nero
    [21/04/2008|21:52] C:\DOCUME~1\SELUK~1\APPLIC~1\Nokia Multimedia Player
    [11/04/2008|22:22] C:\DOCUME~1\SELUK~1\APPLIC~1\Notepad++
    [11/04/2008|21:19] C:\DOCUME~1\SELUK~1\APPLIC~1\OpenOffice.org2
    [18/04/2008|15:18] C:\DOCUME~1\SELUK~1\APPLIC~1\PC Suite
    [11/04/2008|20:35] C:\DOCUME~1\SELUK~1\APPLIC~1\road about owns
    [11/04/2008|21:32] C:\DOCUME~1\SELUK~1\APPLIC~1\ScanSoft
    [14/04/2008|21:01] C:\DOCUME~1\SELUK~1\APPLIC~1\SecuROM
    [02/05/2006|12:10] C:\DOCUME~1\SELUK~1\APPLIC~1\Sun
    [12/04/2008|00:06] C:\DOCUME~1\SELUK~1\APPLIC~1\SystemRequirementsLab
    [12/04/2008|16:04] C:\DOCUME~1\SELUK~1\APPLIC~1\TeamViewer
    [22/04/2008|14:56] C:\DOCUME~1\SELUK~1\APPLIC~1\uTorrent
    [11/04/2008|20:54] C:\DOCUME~1\SELUK~1\APPLIC~1\vlc
    [11/04/2008|20:15] C:\DOCUME~1\SELUK~1\APPLIC~1\WinRAR
    [02/05/2006|12:02] C:\DOCUME~1\SELUK~1\APPLIC~1\You've Got Pictures Screensaver

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [22/04/2008 13:03][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [22/04/2008 02:02][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
    [22/04/2008 17:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [22/04/2008|18:43] C:\Program Files\.
    [22/04/2008|18:43] C:\Program Files\..
    [18/04/2008|22:05] C:\Program Files\Adobe
    [13/04/2008|22:12] C:\Program Files\Alcohol Soft
    [16/04/2008|16:23] C:\Program Files\Amadis Software
    [11/04/2008|22:38] C:\Program Files\AntivirusFirewall
    [22/04/2008|13:03] C:\Program Files\Apple Software Update
    [11/04/2008|21:30] C:\Program Files\ArcSoft
    [21/04/2008|14:59] C:\Program Files\ATI Technologies
    [12/04/2008|11:03] C:\Program Files\Auslogics
    [11/04/2008|22:35] C:\Program Files\CA
    [11/04/2008|21:34] C:\Program Files\Canon
    [11/04/2008|21:28] C:\Program Files\CanonBJ
    [11/04/2008|20:09] C:\Program Files\CCleaner
    [02/05/2006|10:14] C:\Program Files\Common Files
    [02/05/2006|12:07] C:\Program Files\CyberLink
    [11/04/2008|22:40] C:\Program Files\DAEMON Tools Lite
    [19/04/2008|02:48] C:\Program Files\DVDVideoSoft
    [22/04/2008|13:13] C:\Program Files\Fichiers communs
    [18/04/2008|22:53] C:\Program Files\Google
    [11/04/2008|20:28] C:\Program Files\GRETECH
    [12/04/2008|10:53] C:\Program Files\inKline Global
    [21/04/2008|14:59] C:\Program Files\InstallShield Installation Information
    [02/05/2006|10:51] C:\Program Files\Intel
    [12/04/2008|10:39] C:\Program Files\Internet Explorer
    [22/04/2008|13:14] C:\Program Files\iPod
    [22/04/2008|13:14] C:\Program Files\iTunes
    [11/04/2008|22:13] C:\Program Files\Java
    [18/04/2008|22:15] C:\Program Files\K-Lite Codec Pack
    [15/04/2008|21:53] C:\Program Files\KONAMI
    [17/04/2008|23:52] C:\Program Files\Lavasoft
    [02/05/2006|12:02] C:\Program Files\Learn2.com
    [11/04/2008|20:18] C:\Program Files\LimeWire
    [02/05/2006|11:23] C:\Program Files\Messenger
    [11/04/2008|20:34] C:\Program Files\Messenger Plus! Live
    [13/04/2008|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [28/04/2006|09:30] C:\Program Files\microsoft frontpage
    [11/04/2008|21:04] C:\Program Files\Microsoft LifeCam
    [11/04/2008|23:37] C:\Program Files\Microsoft Plus! Digital Media Edition
    [28/04/2006|09:27] C:\Program Files\Movie Maker
    [22/04/2008|17:25] C:\Program Files\Mozilla Firefox
    [28/04/2006|09:22] C:\Program Files\MSN
    [28/04/2006|09:23] C:\Program Files\MSN Gaming Zone
    [13/04/2008|03:01] C:\Program Files\MSXML 4.0
    [12/04/2008|11:21] C:\Program Files\MuralPix
    [11/04/2008|22:06] C:\Program Files\Nero
    [11/04/2008|22:09] C:\Program Files\NeroInstall.bak
    [28/04/2006|09:27] C:\Program Files\NetMeeting
    [21/04/2008|21:34] C:\Program Files\Nokia
    [11/04/2008|20:32] C:\Program Files\Notepad++
    [28/04/2006|09:25] C:\Program Files\Online Services
    [11/04/2008|21:11] C:\Program Files\OpenOffice.org 2.4
    [11/04/2008|22:20] C:\Program Files\Outlook Express
    [14/04/2008|15:18] C:\Program Files\QuickTime
    [02/05/2006|12:02] C:\Program Files\Real
    [11/04/2008|20:34] C:\Program Files\road about owns
    [11/04/2008|21:32] C:\Program Files\ScanSoft
    [28/04/2006|09:28] C:\Program Files\Services en ligne
    [18/04/2008|20:50] C:\Program Files\Spybot - Search & Destroy
    [12/04/2008|00:06] C:\Program Files\SystemRequirementsLab
    [12/04/2008|15:55] C:\Program Files\TeamViewer3
    [21/04/2008|00:58] C:\Program Files\Torrents Open Registrations Checker
    [21/04/2008|00:58] C:\Program Files\Tracker Checker 2
    [22/04/2008|18:01] C:\Program Files\Trend Micro
    [12/04/2008|10:39] C:\Program Files\Uninstall Information
    [15/04/2008|02:53] C:\Program Files\uTorrent
    [11/04/2008|20:43] C:\Program Files\VideoLAN
    [02/05/2006|12:02] C:\Program Files\Viewpoint
    [02/05/2006|11:18] C:\Program Files\Windows Journal Viewer
    [11/04/2008|20:02] C:\Program Files\Windows Live
    [11/04/2008|20:52] C:\Program Files\Windows Media Connect 2
    [16/04/2008|19:27] C:\Program Files\Windows Media Player
    [28/04/2006|09:23] C:\Program Files\Windows NT
    [28/04/2006|09:24] C:\Program Files\Windows Plus
    [11/04/2008|20:16] C:\Program Files\WinRAR
    [02/05/2006|10:14] C:\Program Files\X10 Hardware
    [28/04/2006|09:30] C:\Program Files\xerox
    [11/04/2008|20:09] C:\Program Files\Yahoo!
    [17/04/2008|17:20] C:\Program Files\Zards software

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [22/04/2008|13:13] C:\Program Files\Fichiers communs\.
    [22/04/2008|13:13] C:\Program Files\Fichiers communs\..
    [18/04/2008|22:06] C:\Program Files\Fichiers communs\Adobe
    [11/04/2008|19:52] C:\Program Files\Fichiers communs\AOL
    [11/04/2008|19:51] C:\Program Files\Fichiers communs\aolshare
    [22/04/2008|13:13] C:\Program Files\Fichiers communs\Apple
    [19/04/2008|02:49] C:\Program Files\Fichiers communs\DVDVideoSoft
    [21/04/2008|14:55] C:\Program Files\Fichiers communs\InstallShield
    [02/05/2006|11:56] C:\Program Files\Fichiers communs\Java
    [15/04/2008|00:37] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/04/2006|09:27] C:\Program Files\Fichiers communs\MSSoap
    [11/04/2008|22:07] C:\Program Files\Fichiers communs\Nero
    [21/04/2008|21:33] C:\Program Files\Fichiers communs\Nokia
    [02/05/2006|12:02] C:\Program Files\Fichiers communs\Nullsoft
    [21/04/2008|21:33] C:\Program Files\Fichiers communs\PCSuite
    [02/05/2006|12:02] C:\Program Files\Fichiers communs\Real
    [11/04/2008|21:32] C:\Program Files\Fichiers communs\ScanSoft Shared
    [28/04/2006|09:27] C:\Program Files\Fichiers communs\Services
    [28/04/2006|11:18] C:\Program Files\Fichiers communs\SpeechEngines
    [11/04/2008|22:20] C:\Program Files\Fichiers communs\System
    [11/04/2008|20:02] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [18/04/2008|20:51] C:\Program Files\Fichiers communs\Wise Installation Wizard

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 18:44:13
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    C:\WINDOWS\system32\hgNnmnmp.ini2
    C:\WINDOWS\system32\hOWENqru.ini2
    C:\WINDOWS\system32\ilkUDJjl.ini2
    C:\WINDOWS\system32\IPprqqru.ini2
    C:\WINDOWS\system32\VCMUFfhk.ini2
    ! VUNDO Possible !


    /!\ [Fich:358][Doss:52] C:\DOCUME~1\SELUK~1\LOCALS~1\Temp
    /!\ [Fich:38][Doss:0] C:\DOCUME~1\SELUK~1\Cookies
    /!\ [Fich:1531][Doss:5] C:\DOCUME~1\SELUK~1\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:45:08,65 ]----------------------


    22 April 2008 18:52:51

    Surprise, I managed to get the Desktop back after several tries
    Thanks and see you later
    22 April 2008 19:34:14

    Post a new HijackThis report :)
    22 April 2008 21:39:10

    Re
    And here is the new HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38:02, on 22/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.carrefour.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [3073c4d6] rundll32.exe "C:\WINDOWS\system32\hruccgma.dll",b
    O4 - HKLM\..\Run: [BM3340f74a] Rundll32.exe "C:\WINDOWS\system32\iskwilnv.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Flag 1] C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 12116 bytes
    22 April 2008 21:47:59

    Re,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    22 April 2008 22:24:40

    And here is the Combofix report...



    ComboFix 08-04-20.5 - Selçuk 2008-04-22 21:56:17.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.415 [GMT 2:00]
    Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\amgccurh.ini
    C:\WINDOWS\system32\hgNnmnmp.ini2
    C:\WINDOWS\system32\hOWENqru.ini
    C:\WINDOWS\system32\hOWENqru.ini2
    C:\WINDOWS\system32\hruccgma.dll
    C:\WINDOWS\system32\ilkUDJjl.ini
    C:\WINDOWS\system32\ilkUDJjl.ini2
    C:\WINDOWS\system32\IPprqqru.ini
    C:\WINDOWS\system32\IPprqqru.ini2
    C:\WINDOWS\system32\iskwilnv.dll
    C:\WINDOWS\system32\jkhsxsrk.dll
    C:\WINDOWS\system32\khfFUMCV.dll
    C:\WINDOWS\system32\ssqRKbXP.dll
    C:\WINDOWS\system32\VCMUFfhk.ini
    C:\WINDOWS\system32\VCMUFfhk.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
    2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
    2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-21 21:52 . 2008-04-22 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-04-21 21:13 . 2008-04-22 14:24 1,541,209 ---hs---- C:\WINDOWS\system32\cmunpxnq.ini
    2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
    2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
    2008-04-20 21:19 . 2008-04-21 21:09 766 ---hs---- C:\WINDOWS\system32\tlwjcafm.ini
    2008-04-19 21:18 . 2008-04-20 21:19 586 ---hs---- C:\WINDOWS\system32\gjmjgooa.ini
    2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
    2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
    2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
    2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-04-18 21:16 . 2008-04-19 21:16 354 ---hs---- C:\WINDOWS\system32\lubrtbdj.ini
    2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
    2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
    2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
    2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
    2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
    2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
    2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
    2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
    2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
    2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
    2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
    2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
    2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
    2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
    2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
    2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
    2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
    2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Program Files\Nero
    2008-04-11 22:06 . 2008-04-11 22:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-11 21:57 . 2008-04-11 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-11 21:41 . 2008-04-18 20:58 1,350 --a------ C:\WINDOWS\mozver.dat
    2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-11 21:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-11 21:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Program Files\ScanSoft
    2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-04-11 21:32 . 2008-04-11 21:32 419 --a------ C:\WINDOWS\MAXLINK.INI
    2008-04-11 21:30 . 2008-04-11 21:30 <REP> d-------- C:\Program Files\ArcSoft
    2008-04-11 21:30 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\Program Files\CanonBJ
    2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-04-11 21:28 . 2006-04-13 10:23 1,134,592 --a------ C:\WINDOWS\system32\CNCC510.DLL
    2008-04-11 21:28 . 2006-04-23 22:00 161,792 --a------ C:\WINDOWS\system32\CNMLM85.DLL
    2008-04-11 21:28 . 2006-04-13 12:11 135,168 --a------ C:\WINDOWS\system32\CNCL510.DLL
    2008-04-11 21:28 . 2006-02-17 08:44 106,496 --a------ C:\WINDOWS\system32\cnco510.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
    2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-11 20:35 --------- d-----w C:\Program Files\CA
    2008-04-11 20:13 --------- d-----w C:\Program Files\Java
    2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
    2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
    C:\WINDOWS\system32\urqqrpPI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
    "DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
    ssqRKbXP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3acm"= ac3acm.acm
    "msacm.lameacm"= lameACM.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
    C:\WINDOWS\system32\jpdwtphs.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]
    C:\WINDOWS\system32\sducpowk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3478:UDP"= 3478:UDP:stun
    "3479:UDP"= 3479:UDP:stun 2
    "6112:UDP"= 6112:UDP:stun 3
    "5730:UDP"= 5730:UDP:game
    "5739:UDP"= 5739:UDP:game 1
    "9001:TCP"= 9001:TCP:game 2
    "11881:TCP"= 11881:TCP:game 3

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\autorun_PES2008.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-22 00:02:17 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 21:59:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsbl]
    "ImagePath"="\??\C:\Program Files\AntivirusFirewall\Anti-Virus\fsbl3989.sys"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-22 22:01:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-22 20:01:43

    Pre-Run: 75,596,115,968 octets libres
    Post-Run: 75,829,940,224 octets libres

    333 --- E O F --- 2008-04-13 19:48:04
    23 April 2008 12:57:23

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    23 April 2008 15:10:42

    The Malwarebytes report


    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 672

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 119519
    Temps écoulé: 23 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkhsxsrk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\khfFUMCV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP53\A0007711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP53\A0007712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP63\A0011206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP64\A0013507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP64\A0013520.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    23 April 2008 17:57:24

    Run another ComboFix scan.
    23 April 2008 18:12:13

    The ComboFix scan


    ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:10:15.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 2:00]
    Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
    2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
    2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
    2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
    2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
    2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-04-21 21:13 . 2008-04-22 14:24 1,541,209 ---hs---- C:\WINDOWS\system32\cmunpxnq.ini
    2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
    2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
    2008-04-20 21:19 . 2008-04-21 21:09 766 ---hs---- C:\WINDOWS\system32\tlwjcafm.ini
    2008-04-19 21:18 . 2008-04-20 21:19 586 ---hs---- C:\WINDOWS\system32\gjmjgooa.ini
    2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
    2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
    2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
    2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-04-18 21:16 . 2008-04-19 21:16 354 ---hs---- C:\WINDOWS\system32\lubrtbdj.ini
    2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
    2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
    2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
    2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
    2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
    2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
    2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
    2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
    2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
    2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
    2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
    2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
    2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
    2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
    2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
    2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
    2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
    2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
    2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
    2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
    2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
    2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
    2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
    2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
    2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
    2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
    2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
    2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
    2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
    2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
    2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
    2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
    2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
    2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
    2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
    2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-11 20:35 --------- d-----w C:\Program Files\CA
    2008-04-11 20:13 --------- d-----w C:\Program Files\Java
    2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
    2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
    C:\WINDOWS\system32\urqqrpPI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
    "DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
    Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
    ssqRKbXP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3acm"= ac3acm.acm
    "msacm.lameacm"= lameACM.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
    C:\WINDOWS\system32\jpdwtphs.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]
    C:\WINDOWS\system32\sducpowk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3478:UDP"= 3478:UDP:stun
    "3479:UDP"= 3479:UDP:stun 2
    "6112:UDP"= 6112:UDP:stun 3
    "5730:UDP"= 5730:UDP:game
    "5739:UDP"= 5739:UDP:game 1
    "9001:TCP"= 9001:TCP:game 2
    "11881:TCP"= 11881:TCP:game 3

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\autorun_PES2008.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 18:10:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-23 18:11:31
    ComboFix-quarantined-files.txt 2008-04-23 16:11:22
    ComboFix2.txt 2008-04-22 20:01:47

    Pre-Run: 73,026,596,864 octets libres
    Post-Run: 73,012,682,752 octets libres

    297 --- E O F --- 2008-04-13 19:48:04
    23 April 2008 18:31:05

    Hi again,

    Disable your resident protection (antivirus, etc.)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\cmunpxnq.ini
    C:\WINDOWS\system32\tlwjcafm.ini
    C:\WINDOWS\system32\gjmjgooa.ini
    C:\WINDOWS\system32\lubrtbdj.ini
    C:\WINDOWS\system32\shptwdpj.ini
    C:\WINDOWS\system32\mlkcucwr.ini

    Folder::
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Flag 1"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
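
Added example, not part of the original post and not ComboFix's own code: before a removal script like the one above is run, each of its targets can be checked against the report it was written from, so that a mistyped path or key stands out. The function names are hypothetical, only the three section types shown on this page (File::, Folder::, Registry::) are handled, and both sample texts are trimmed copies of lines from this page.

```python
import re

# Constructed sample: lines copied from the ComboFix report on this page, trimmed.
REPORT = r"""
2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
C:\WINDOWS\system32\urqqrpPI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
ssqRKbXP.dll
"""

# Trimmed copy of the CFScript from the post (three of its six File:: entries).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\mlkcucwr.ini

Folder::
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flag 1"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
"""

SECTION = re.compile(r"^(\w+)::$")
# "created . modified size attrs path" lines of the created-files listing
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<REP>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")


def parse_cfscript(text):
    """Split a CFScript into file paths, folder paths and registry operations."""
    files, folders, reg_ops = [], [], []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "file":
            files.append(line)
        elif section == "folder":
            folders.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                reg_ops.append(("delete_key", line[2:-1], None))
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]          # key kept, a value under it is removed
            elif key and line.endswith("=-"):
                reg_ops.append(("delete_value", key, line[:-2].strip('"')))
    return files, folders, reg_ops


def index_report(text):
    """Index what the report lists: file paths with attributes, keys with value names."""
    files, values, key = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            files[m.group("path").lower()] = m.group("attrs")
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            values.setdefault(key, set())
        elif key and line.startswith('"'):
            values[key].add(line.split('"')[1].lower())
    return files, values


def audit(script, report):
    """Return (kind, target, seen_in_report, attrs) for every target in the script."""
    files, folders, reg_ops = parse_cfscript(script)
    seen_files, seen_values = index_report(report)
    report_lc = report.lower()
    findings = []
    for path in files:
        attrs = seen_files.get(path.lower())
        findings.append(("file", path, attrs is not None, attrs or ""))
    for path in folders:
        # a folder counts as seen when the report references something inside it
        findings.append(("folder", path, path.lower() + "\\" in report_lc, ""))
    for op, key, name in reg_ops:
        k = key.lower()
        ok = k in seen_values and (name is None or name.lower() in seen_values[k])
        findings.append((op, key if name is None else f"{key} -> {name}", ok, ""))
    return findings


if __name__ == "__main__":
    for kind, target, ok, attrs in audit(CFSCRIPT, REPORT):
        print(f"{'OK     ' if ok else 'MISSING'} {kind:<12} {attrs:<9} {target}")
```

A target reported as missing is not necessarily wrong: here `cmunpxnq.ini` is simply outside the trimmed excerpt, so the check should be run against the full report.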
    23 April 2008 18:47:27

    The Combofix report
    PS: I didn't have to press 1 and confirm, but I think it's fine

    ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:40:54.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.287 [GMT 2:00]
    Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Selçuk\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\cmunpxnq.ini
    C:\WINDOWS\system32\gjmjgooa.ini
    C:\WINDOWS\system32\lubrtbdj.ini
    C:\WINDOWS\system32\mlkcucwr.ini
    C:\WINDOWS\system32\shptwdpj.ini
    C:\WINDOWS\system32\tlwjcafm.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\0
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\Soap Tool 64 Grim.exe
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\uarczsyq.exe
    C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\wmaaimbold.exe
    C:\WINDOWS\system32\cmunpxnq.ini
    C:\WINDOWS\system32\gjmjgooa.ini
    C:\WINDOWS\system32\lubrtbdj.ini
    C:\WINDOWS\system32\mlkcucwr.ini
    C:\WINDOWS\system32\shptwdpj.ini
    C:\WINDOWS\system32\tlwjcafm.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
    2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
    2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
    2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
    2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
    2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
    2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
    2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
    2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
    2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
    2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
    2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
    2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
    2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
    2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
    2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
    2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
    2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
    2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
    2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
    2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
    2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
    2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
    2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
    2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
    2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
    2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
    2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
    2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
    2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
    2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
    2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
    2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
    2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
    2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
    2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
    2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
    2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
    2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
    2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
    2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
    2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
    2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
    2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
    2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero
    2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Program Files\Nero
    2008-04-11 22:06 . 2008-04-11 22:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-11 21:57 . 2008-04-11 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-11 21:41 . 2008-04-18 20:58 1,350 --a------ C:\WINDOWS\mozver.dat
    2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
    2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-11 20:35 --------- d-----w C:\Program Files\CA
    2008-04-11 20:13 --------- d-----w C:\Program Files\Java
    2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
    2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "Cmaudio"="cmicnfg.cpl" []
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
    "DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
    Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3acm"= ac3acm.acm
    "msacm.lameacm"= lameACM.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\NetMeeting\\Conf.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3478:UDP"= 3478:UDP:stun
    "3479:UDP"= 3479:UDP:stun 2
    "6112:UDP"= 6112:UDP:stun 3
    "5730:UDP"= 5730:UDP:game
    "5739:UDP"= 5739:UDP:game 1
    "9001:TCP"= 9001:TCP:game 2
    "11881:TCP"= 11881:TCP:game 3

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
    R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
    R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\autorun_PES2008.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-23 18:41:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-23 18:42:08
    ComboFix-quarantined-files.txt 2008-04-23 16:42:03
    ComboFix2.txt 2008-04-23 16:11:31
    ComboFix3.txt 2008-04-22 20:01:47

    Pre-Run: 72,978,587,648 octets libres
    Post-Run: 72,958,029,824 octets libres

    313 --- E O F --- 2008-04-13 19:48:04




    The HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:34, on 23/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11928 bytes
    23 April 2008 18:50:32

    Is it better?
    23 April 2008 18:59:05

    Yes, yes, you can see the difference between before and after.
    A big thank you, Angeldark, I would never have managed without your help.
    I'm going to run a full scan of the PC again and I'll keep you posted, but there shouldn't be anything left. I was getting lots of CID ads, but now nothing.
    Thanks once again, and well done.
    23 April 2008 19:10:35

    Ok ;) 

  • Download ToolsCleaner to your Desktop.
  • Click Recherche and let the scan finish.
  • Click Suppression to finalize.
  • Click Quitter so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection so that you don't have this kind of problem again, by clicking on the image below:


    24 April 2008 06:07:40

    The ToolsCleaner report:


    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Lop SD: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: trouvé !
    C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: trouvé !
    C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: trouvé !
    C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: trouvé !
    C:\Lop SD\Lop S&D.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: supprimé !
    C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: supprimé !
    C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: supprimé !
    C:\Lop SD\Lop S&D.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Lop SD: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !




    Thank you, Angeldark!!
    24 April 2008 11:55:43

    Happy surfing ;) 