Your question

[Solved] Ultimate cleaner and defender

Tags:
  • Ultimate
  • Security
Last reply: in Security and viruses
23 December 2007 21:07:14

Hi, I have a virus, or I don't know what to call it, on my computer. It is called Ultimate cleaner and defender, depending on the page it displays. For those who don't know it, it constantly displays windows about supposed problems on my computer, when the only problem is the program itself. Of course there is no trace of it, and I can't manage to remove it.

If anyone has a solution, thanks in advance.


23 December 2007 21:49:18

Here is the report: (thanks for the help in any case)

24 December 2007 12:03:42

Hi again,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may come across a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Anonymous
24 December 2007 12:16:06

psodam said:
Hi, I have a virus, or I don't know what to call it, on my computer. It is called Ultimate cleaner and defender, depending on the page it displays. For those who don't know it, it constantly displays windows about supposed problems on my computer, when the only problem is the program itself. Of course there is no trace of it, and I can't manage to remove it.

If anyone has a solution, thanks in advance.

With this kind of virus, a good old restore to a date before the infection and you're back in business!!
24 December 2007 12:18:43

Or not :o
24 December 2007 13:30:36

Here, this is the VundoFix report:

24 December 2007 13:32:38

Let's continue:

Disable your resident protections (antivirus...)!

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
24 December 2007 13:34:16

And next comes the HijackThis one: (thanks a lot for your help, AngelDark)

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 8309 bytes
    24 December 2007 13:37:31

    Did you see my message?
    24 December 2007 13:43:38

    Yes, I saw it. Here is the ComboFix report:

    ComboFix 07-12-21.4 - Damien 2007-12-24 13:39:16.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
    Running from: D:\Mes Documents\Firefox dL\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\gpijwfuv
    C:\Program Files\gpijwfuv\ivmzupyv.dll
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\SecCenter\scprot4.exe.bak
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
    C:\WINDOWS\PerfInfo\1voIp469zJud.exe
    C:\WINDOWS\system32\gjisfclw
    C:\WINDOWS\system32\gjisfclw\bg1.gif
    C:\WINDOWS\system32\gjisfclw\bgtop.gif
    C:\WINDOWS\system32\gjisfclw\bottom1.gif
    C:\WINDOWS\system32\gjisfclw\essentials.gif
    C:\WINDOWS\system32\gjisfclw\gjisfclw1.exe
    C:\WINDOWS\system32\gjisfclw\gjisfclw2.exe
    C:\WINDOWS\system32\gjisfclw\gjisfclw3.exe
    C:\WINDOWS\system32\gjisfclw\icon1.ico
    C:\WINDOWS\system32\gjisfclw\install1.gif
    C:\WINDOWS\system32\gjisfclw\left1.gif
    C:\WINDOWS\system32\gjisfclw\li.gif
    C:\WINDOWS\system32\gjisfclw\logo.gif
    C:\WINDOWS\system32\gjisfclw\main.htm
    C:\WINDOWS\system32\gjisfclw\mainframe.htm
    C:\WINDOWS\system32\gjisfclw\reinstall1.gif
    C:\WINDOWS\system32\gjisfclw\right1.gif
    C:\WINDOWS\system32\gjisfclw\s1.htm
    C:\WINDOWS\system32\gjisfclw\s2.htm
    C:\WINDOWS\system32\gjisfclw\s3.htm
    C:\WINDOWS\system32\gjisfclw\SMTop1.gif
    C:\WINDOWS\system32\gjisfclw\SMTop2.gif
    C:\WINDOWS\system32\gjisfclw\SMTop3.gif
    C:\WINDOWS\system32\gjisfclw\SMTop4.gif
    C:\WINDOWS\system32\gjisfclw\soft1_off.gif
    C:\WINDOWS\system32\gjisfclw\soft1_off_ext.gif
    C:\WINDOWS\system32\gjisfclw\soft1_on.gif
    C:\WINDOWS\system32\gjisfclw\soft1_on_ext.gif
    C:\WINDOWS\system32\gjisfclw\soft2_off.gif
    C:\WINDOWS\system32\gjisfclw\soft2_off_ext.gif
    C:\WINDOWS\system32\gjisfclw\soft2_on.gif
    C:\WINDOWS\system32\gjisfclw\soft2_on_ext.gif
    C:\WINDOWS\system32\gjisfclw\soft3_off.gif
    C:\WINDOWS\system32\gjisfclw\soft3_off_ext.gif
    C:\WINDOWS\system32\gjisfclw\soft3_on.gif
    C:\WINDOWS\system32\gjisfclw\soft3_on_ext.gif
    C:\WINDOWS\system32\gjisfclw\softbottom_off.gif
    C:\WINDOWS\system32\gjisfclw\softbottom_on.gif
    C:\WINDOWS\system32\gjisfclw\softleft_off.gif
    C:\WINDOWS\system32\gjisfclw\softleft_on.gif
    C:\WINDOWS\system32\gjisfclw\top1.gif
    C:\WINDOWS\system32\gjisfclw\top2.gif
    C:\WINDOWS\system32\gjisfclw\turnoff1.gif
    C:\WINDOWS\system32\gjisfclw\turnon1.gif
    C:\WINDOWS\system32\skjlrsjp
    C:\WINDOWS\system32\skjlrsjp\bg1.gif
    C:\WINDOWS\system32\skjlrsjp\bgtop.gif
    C:\WINDOWS\system32\skjlrsjp\bottom1.gif
    C:\WINDOWS\system32\skjlrsjp\essentials.gif
    C:\WINDOWS\system32\skjlrsjp\icon1.ico
    C:\WINDOWS\system32\skjlrsjp\install1.gif
    C:\WINDOWS\system32\skjlrsjp\left1.gif
    C:\WINDOWS\system32\skjlrsjp\li.gif
    C:\WINDOWS\system32\skjlrsjp\logo.gif
    C:\WINDOWS\system32\skjlrsjp\main.htm
    C:\WINDOWS\system32\skjlrsjp\mainframe.htm
    C:\WINDOWS\system32\skjlrsjp\reinstall1.gif
    C:\WINDOWS\system32\skjlrsjp\right1.gif
    C:\WINDOWS\system32\skjlrsjp\s1.htm
    C:\WINDOWS\system32\skjlrsjp\s2.htm
    C:\WINDOWS\system32\skjlrsjp\s3.htm
    C:\WINDOWS\system32\skjlrsjp\skjlrsjp1.exe
    C:\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe
    C:\WINDOWS\system32\skjlrsjp\skjlrsjp3.exe
    C:\WINDOWS\system32\skjlrsjp\SMTop1.gif
    C:\WINDOWS\system32\skjlrsjp\SMTop2.gif
    C:\WINDOWS\system32\skjlrsjp\SMTop3.gif
    C:\WINDOWS\system32\skjlrsjp\SMTop4.gif
    C:\WINDOWS\system32\skjlrsjp\soft1_off.gif
    C:\WINDOWS\system32\skjlrsjp\soft1_off_ext.gif
    C:\WINDOWS\system32\skjlrsjp\soft1_on.gif
    C:\WINDOWS\system32\skjlrsjp\soft1_on_ext.gif
    C:\WINDOWS\system32\skjlrsjp\soft2_off.gif
    C:\WINDOWS\system32\skjlrsjp\soft2_off_ext.gif
    C:\WINDOWS\system32\skjlrsjp\soft2_on.gif
    C:\WINDOWS\system32\skjlrsjp\soft2_on_ext.gif
    C:\WINDOWS\system32\skjlrsjp\soft3_off.gif
    C:\WINDOWS\system32\skjlrsjp\soft3_off_ext.gif
    C:\WINDOWS\system32\skjlrsjp\soft3_on.gif
    C:\WINDOWS\system32\skjlrsjp\soft3_on_ext.gif
    C:\WINDOWS\system32\skjlrsjp\softbottom_off.gif
    C:\WINDOWS\system32\skjlrsjp\softbottom_on.gif
    C:\WINDOWS\system32\skjlrsjp\softleft_off.gif
    C:\WINDOWS\system32\skjlrsjp\softleft_on.gif
    C:\WINDOWS\system32\skjlrsjp\top1.gif
    C:\WINDOWS\system32\skjlrsjp\top2.gif
    C:\WINDOWS\system32\skjlrsjp\turnoff1.gif
    C:\WINDOWS\system32\skjlrsjp\turnon1.gif
    C:\WINDOWS\system32\tewcxjku.dll
    C:\WINDOWS\system32\yhlmwxce.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-24 13:42 . 2007-12-24 13:42 <REP> d-------- C:\WINDOWS\PerfInfo
    2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
    2007-12-23 17:34 . 2007-12-24 10:05 843,490 ---hs---- C:\WINDOWS\system32\qrmdarml.ini
    2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
    2007-12-23 16:24 . 2007-12-23 16:24 208,896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
    2007-12-22 17:38 . 2007-12-23 16:50 843,370 ---hs---- C:\WINDOWS\system32\thqkdgdj.ini
    2007-12-21 17:30 . 2007-12-22 17:32 868,962 ---hs---- C:\WINDOWS\system32\ltbhpomy.ini
    2007-12-20 09:01 . 2007-12-21 17:29 901,258 ---hs---- C:\WINDOWS\system32\jmfaskxa.ini
    2007-12-19 00:01 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2007-12-19 00:01 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2007-12-19 00:00 . 2007-12-19 00:00 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-12-18 23:33 . 2007-12-20 08:56 874,123 ---hs---- C:\WINDOWS\system32\vjanoitp.ini
    2007-12-17 22:03 . 2007-12-18 23:31 878,492 ---hs---- C:\WINDOWS\system32\stuedgbq.ini
    2007-12-17 20:08 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2007-12-16 22:01 . 2007-12-17 22:01 862,716 ---hs---- C:\WINDOWS\system32\bxumriqk.ini
    2007-12-16 21:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-13 23:05 . 2007-12-16 21:56 909,875 ---hs---- C:\WINDOWS\system32\pruligrr.ini
    2007-12-12 23:03 . 2007-12-13 23:04 948,733 ---hs---- C:\WINDOWS\system32\vgkcyxti.ini
    2007-12-11 23:01 . 2007-12-12 23:01 889,050 ---hs---- C:\WINDOWS\system32\thoyadhy.ini
    2007-12-10 20:37 . 2007-12-11 22:56 991,324 ---hs---- C:\WINDOWS\system32\juhcaoss.ini
    2007-12-09 20:42 . 2007-12-10 18:22 834,220 ---hs---- C:\WINDOWS\system32\motbaphw.ini
    2007-12-09 12:21 . 2007-12-09 12:22 834,100 ---hs---- C:\WINDOWS\system32\owwifcbh.ini
    2007-12-08 12:18 . 2007-12-08 12:19 834,760 ---hs---- C:\WINDOWS\system32\gnrvlpqx.ini
    2007-12-07 08:09 . 2007-12-08 12:16 856,298 ---hs---- C:\WINDOWS\system32\noulongh.ini
    2007-12-06 00:54 . 2007-12-07 07:55 833,175 ---hs---- C:\WINDOWS\system32\myssjfyr.ini
    2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
    2007-12-04 22:21 . 2007-12-04 22:22 153 --a------ C:\WINDOWS\wininit.ini
    2007-12-04 21:23 . 2007-12-06 00:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-04 18:30 . 2007-12-06 00:40 807,588 ---hs---- C:\WINDOWS\system32\iclgydkk.ini
    2007-12-03 18:30 . 2007-12-04 17:26 792,829 ---hs---- C:\WINDOWS\system32\ywyfhblj.ini
    2007-12-02 22:59 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-02 22:59 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-02 22:59 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-02 22:58 . 2007-12-02 22:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2007-12-02 22:56 . 2007-12-02 22:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-12-02 18:34 . 2007-12-02 18:34 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-12-02 13:54 . 2007-12-03 18:16 792,649 ---hs---- C:\WINDOWS\system32\qfceeobd.ini
    2007-12-01 16:24 . 2007-12-01 16:24 <REP> d-------- C:\Documents and Settings\Damien\Application Data\Microsoft Games
    2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Qlhufzpo
    2007-11-25 20:42 . 2007-11-25 20:44 <REP> d-------- C:\Documents and Settings\Damien\Application Data\SopCast

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 21:01 --------- d-----w C:\Documents and Settings\Damien\Application Data\LimeWire
    2007-12-16 20:59 --------- d-----w C:\Program Files\Java
    2007-12-12 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-02 11:21 --------- d-----w C:\Documents and Settings\Damien\Application Data\Azureus
    2007-12-01 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-22 15:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-22 15:07 22,328 ----a-w C:\Documents and Settings\Damien\Application Data\PnkBstrK.sys
    2007-11-21 21:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
    2007-11-21 21:44 --------- d--h--r C:\Documents and Settings\Damien\Application Data\SecuROM
    2007-11-20 17:37 --------- d-----w C:\Program Files\Axon Data
    2007-11-16 15:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
    2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Sonic
    2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Leadertech
    2007-11-15 06:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-13 19:33 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-11-13 17:56 --------- d-----w C:\Documents and Settings\Damien\Application Data\CyberLink
    2007-11-13 17:36 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 17:35 --------- d-----w C:\Documents and Settings\Damien\Application Data\vlc
    2007-11-13 17:27 --------- d-----w C:\Documents and Settings\Damien\Application Data\Apple Computer
    2007-11-13 17:26 --------- d-----w C:\Program Files\QuickTime
    2007-11-13 17:26 --------- d-----w C:\Program Files\iPod
    2007-11-13 17:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-11-13 17:26 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 06:11 --------- d-----w C:\Documents and Settings\Damien\Application Data\OD2
    2007-11-11 21:38 --------- d-----w C:\Program Files\MSBuild
    2007-11-11 21:38 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-11 21:37 --------- d-----w C:\Program Files\Microsoft.NET
    2007-11-11 21:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
    2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
    2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
    2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
    2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
    2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
    2007-11-09 02:10 --------- d-----w C:\Program Files\Real
    2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
    2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
    2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
    2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
    2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
    C:\WINDOWS\system32\jkkji.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ebcf71-757b-4ed1-939e-61fc94439bf5}]
    C:\WINDOWS\system32\wqerptum.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
    "DAEMON Tools-1033"="D:\Program Files\dm\daemon.exe" [2004-08-22 17:05]
    "20bfbf54"="C:\WINDOWS\system32\lmradmrq.dll" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
    wintfj32.dll

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
    R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
    \Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
    \Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - J:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
    \Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - J:\Directx\dxsetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-24 13:42:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\system32\ndaTqsVqrX.dll
    .
    Completion time: 2007-12-24 13:43:28 - machine was rebooted [Damien]
    .
    2007-12-12 08:29:17 --- E O F ---
    24 December 2007 16:32:12

    We're going to fix this:

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\ppqvmpqr
    C:\Program Files\Hvmqsqsc
    C:\Program Files\Qlhufzpo

    File::
    C:\WINDOWS\system32\qrmdarml.ini
    C:\WINDOWS\system32\ndaTqsVqrX.dll
    C:\WINDOWS\system32\thqkdgdj.ini
    C:\WINDOWS\system32\ltbhpomy.ini
    C:\WINDOWS\system32\jmfaskxa.ini
    C:\WINDOWS\system32\vjanoitp.ini
    C:\WINDOWS\system32\stuedgbq.ini
    C:\WINDOWS\system32\bxumriqk.ini
    C:\WINDOWS\system32\pruligrr.ini
    C:\WINDOWS\system32\vgkcyxti.ini
    C:\WINDOWS\system32\thoyadhy.ini
    C:\WINDOWS\system32\juhcaoss.ini
    C:\WINDOWS\system32\motbaphw.ini
    C:\WINDOWS\system32\owwifcbh.ini
    C:\WINDOWS\system32\gnrvlpqx.ini
    C:\WINDOWS\system32\noulongh.ini
    C:\WINDOWS\system32\myssjfyr.ini
    C:\WINDOWS\system32\iclgydkk.ini
    C:\WINDOWS\system32\ywyfhblj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\qfceeobd.ini
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\wqerptum.dll
    C:\WINDOWS\system32\lmradmrq.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ebcf71-757b-4ed1-939e-61fc94439bf5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "20bfbf54"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
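As an added example (not part of the thread and not ComboFix's own code), the script below cross-checks a CFScript like the one above against a follow-up report to see which Folder::/File:: targets were actually removed. It assumes that paths under "Autres suppressions" were deleted and that paths under "Fichiers créés" still exist; the function names are hypothetical and the sample inputs are constructed by trimming the script and reports in this thread.

```python
import re

# Constructed sample: a trimmed copy of the CFScript posted in this thread.
CFSCRIPT = r"""
Folder::
C:\WINDOWS\PerfInfo
C:\WINDOWS\ppqvmpqr
C:\Program Files\Hvmqsqsc

File::
C:\WINDOWS\system32\qrmdarml.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\jkkji.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
"""

# Constructed sample: a few lines shaped like the ComboFix reports in this thread.
REPORT = r"""
(((((((((((( Autres suppressions ))))))))))))
.
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
C:\WINDOWS\system32\qrmdarml.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
.
(((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))
.
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # "((( title )))" section headers
PATH = re.compile(r"([A-Za-z]:\\.*)$")        # drive-letter path at end of line


def parse_cfscript(text):
    """Return {'Folder': [...], 'File': [...], 'Registry': [...]} from CFScript text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_report(text):
    """Map each banner title to the paths listed on the lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
            continue
        found = PATH.search(line)
        if current is not None and found:
            sections[current].append(found.group(1))
    return sections


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.rstrip("\\").lower()


def verify(cfscript, report):
    """Classify each Folder::/File:: target as deleted, still_present or not_reported.

    Assumption: 'Autres suppressions' lists deletions and 'Fichiers créés'
    lists items that exist at scan time. Registry:: lines are parsed but not
    checked, because these report sections carry no per-key deletion record.
    """
    wanted = parse_cfscript(cfscript)
    deleted, present = set(), set()
    for title, paths in parse_report(report).items():
        if title.startswith("Autres suppressions"):
            deleted.update(norm(p) for p in paths)
        elif title.startswith("Fichiers cr"):  # prefix match tolerates mis-encoded accents
            present.update(norm(p) for p in paths)
    result = {}
    for kind in ("Folder", "File"):
        for target in wanted.get(kind, []):
            key = norm(target)
            if key in present:          # listed as existing wins over "deleted"
                result[target] = "still_present"
            elif key in deleted:
                result[target] = "deleted"
            else:
                result[target] = "not_reported"
    return result


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, REPORT).items():
        print(f"{status:14} {target}")
```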
    24 December 2007 17:05:30

    So, there was no reboot!

    Combofix:

    ComboFix 07-12-21.4 - Damien 2007-12-24 17:03:57.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.608 [GMT 1:00]
    Running from: D:\Mes Documents\Firefox dL\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Damien\Mes documents\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\bxumriqk.ini
    C:\WINDOWS\system32\gnrvlpqx.ini
    C:\WINDOWS\system32\iclgydkk.ini
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jmfaskxa.ini
    C:\WINDOWS\system32\juhcaoss.ini
    C:\WINDOWS\system32\lmradmrq.dll
    C:\WINDOWS\system32\ltbhpomy.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\motbaphw.ini
    C:\WINDOWS\system32\myssjfyr.ini
    C:\WINDOWS\system32\ndaTqsVqrX.dll
    C:\WINDOWS\system32\noulongh.ini
    C:\WINDOWS\system32\owwifcbh.ini
    C:\WINDOWS\system32\pruligrr.ini
    C:\WINDOWS\system32\qfceeobd.ini
    C:\WINDOWS\system32\qrmdarml.ini
    C:\WINDOWS\system32\stuedgbq.ini
    C:\WINDOWS\system32\thoyadhy.ini
    C:\WINDOWS\system32\thqkdgdj.ini
    C:\WINDOWS\system32\vgkcyxti.ini
    C:\WINDOWS\system32\vjanoitp.ini
    C:\WINDOWS\system32\wqerptum.dll
    C:\WINDOWS\system32\ywyfhblj.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\PerfInfo
    C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
    C:\WINDOWS\PerfInfo\1voIp469zJud.exe
    C:\WINDOWS\system32\bxumriqk.ini
    C:\WINDOWS\system32\gnrvlpqx.ini
    C:\WINDOWS\system32\iclgydkk.ini
    C:\WINDOWS\system32\jmfaskxa.ini
    C:\WINDOWS\system32\juhcaoss.ini
    C:\WINDOWS\system32\ltbhpomy.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\motbaphw.ini
    C:\WINDOWS\system32\myssjfyr.ini
    C:\WINDOWS\system32\ndaTqsVqrX.dll
    C:\WINDOWS\system32\noulongh.ini
    C:\WINDOWS\system32\owwifcbh.ini
    C:\WINDOWS\system32\pruligrr.ini
    C:\WINDOWS\system32\qfceeobd.ini
    C:\WINDOWS\system32\qrmdarml.ini
    C:\WINDOWS\system32\stuedgbq.ini
    C:\WINDOWS\system32\thoyadhy.ini
    C:\WINDOWS\system32\thqkdgdj.ini
    C:\WINDOWS\system32\vgkcyxti.ini
    C:\WINDOWS\system32\vjanoitp.ini
    C:\WINDOWS\system32\ywyfhblj.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
    2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
    2007-12-19 00:00 . 2007-12-19 00:00 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-12-17 20:08 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2007-12-16 21:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
    2007-12-04 22:21 . 2007-12-04 22:22 153 --a------ C:\WINDOWS\wininit.ini
    2007-12-04 21:23 . 2007-12-06 00:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-02 22:59 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-02 22:59 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-02 22:59 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-02 22:58 . 2007-12-02 22:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2007-12-02 22:56 . 2007-12-02 22:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-12-01 16:24 . 2007-12-01 16:24 <REP> d-------- C:\Documents and Settings\Damien\Application Data\Microsoft Games
    2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Qlhufzpo
    2007-11-25 20:42 . 2007-11-25 20:44 <REP> d-------- C:\Documents and Settings\Damien\Application Data\SopCast

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 21:01 --------- d-----w C:\Documents and Settings\Damien\Application Data\LimeWire
    2007-12-16 20:59 --------- d-----w C:\Program Files\Java
    2007-12-12 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-02 11:21 --------- d-----w C:\Documents and Settings\Damien\Application Data\Azureus
    2007-12-01 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-22 15:07 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-22 15:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-22 15:07 22,328 ----a-w C:\Documents and Settings\Damien\Application Data\PnkBstrK.sys
    2007-11-22 15:07 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-21 21:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
    2007-11-21 21:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-21 21:44 --------- d--h--r C:\Documents and Settings\Damien\Application Data\SecuROM
    2007-11-20 17:37 --------- d-----w C:\Program Files\Axon Data
    2007-11-16 15:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
    2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Sonic
    2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Leadertech
    2007-11-15 06:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-13 19:33 --------- d-----w C:\Program Files\Windows Desktop Search
    2007-11-13 17:56 --------- d-----w C:\Documents and Settings\Damien\Application Data\CyberLink
    2007-11-13 17:36 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 17:35 --------- d-----w C:\Documents and Settings\Damien\Application Data\vlc
    2007-11-13 17:27 --------- d-----w C:\Documents and Settings\Damien\Application Data\Apple Computer
    2007-11-13 17:26 --------- d-----w C:\Program Files\QuickTime
    2007-11-13 17:26 --------- d-----w C:\Program Files\iPod
    2007-11-13 17:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-11-13 17:26 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 06:11 --------- d-----w C:\Documents and Settings\Damien\Application Data\OD2
    2007-11-11 21:38 --------- d-----w C:\Program Files\MSBuild
    2007-11-11 21:38 --------- d-----w C:\Program Files\Microsoft Works
    2007-11-11 21:37 --------- d-----w C:\Program Files\Microsoft.NET
    2007-11-11 21:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
    2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
    2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
    2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
    2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
    2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
    2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
    2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
    2007-11-09 02:10 --------- d-----w C:\Program Files\Real
    2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
    2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
    2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
    2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
    2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-24_13.42.59.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-24 12:59:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
    R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
    \Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
    \Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - J:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
    \Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - J:\Directx\dxsetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-24 17:05:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-24 17:05:50
    C:\ComboFix2.txt ... 2007-12-24 13:43
    .
    2007-12-12 08:29:17 --- E O F ---


    HiJackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:07:19, on 24/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Avast\aswUpdSv.exe
    D:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    D:\PROGRA~1\Avast\ashDisp.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Mozilla\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    D:\Program Files\WinRar\WinRAR.exe
    C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7182 bytes
    24 December 2007 17:19:42

    However, I still get the same error message at startup.

    I'm in the middle of changing antivirus; I'll send you a message as soon as I'm done.
    When you say full scan, do you mean a full scan with Antivir??
    24 December 2007 17:39:33

    Quote:
    When you say full scan, do you mean a full scan with Antivir??

    Well, yes ;)
    24 December 2007 17:53:15

    Lol, okay :p
    I'd rather be sure, you never know...

    I started the scan; it's in progress. It has already detected a lot of malware and the like, as well as trojans; I chose delete, except for the ones where delete was greyed out and therefore unavailable.

    PS: I still get the error message at startup.
    24 December 2007 18:02:00

    Quote:
    PS: I still get the error message at startup.

    We'll look at that afterwards ;)
    24 December 2007 18:12:58

    Antivir report:



    AntiVir PersonalEdition Classic
    Report file date: lundi 24 décembre 2007 17:40

    Scanning for 991527 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: 104691570313

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:39:14
    ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 16:39:14
    ANTIVIR3.VDF : 7.0.1.151 271872 Bytes 24/12/2007 16:39:14
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 24/12/2007 16:39:14
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 24/12/2007 16:39:14
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: d:\program files\antivir\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 24 décembre 2007 17:40

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'HidService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    43 processes with 43 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '30' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '47e1e235.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '47e1e23a.qua'!
    C:\qoobox\Quarantine\C\Program Files\gpijwfuv\ivmzupyv.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47dce337.qua'!
    C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.bak.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47dfe326.qua'!
    C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47dfe328.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\gjisfclw\gjisfclw2.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47d8e331.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was moved to '47d9e334.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP38\A0006088.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP42\A0006805.dll
    [DETECTION] Is the Trojan horse TR/Vundo.AU
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006990.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006991.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.F.1
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006992.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0007088.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0007287.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP46\A0007616.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP46\A0007684.dll
    [DETECTION] Is the Trojan horse TR/Vundo.AU
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP47\A0007689.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP47\A0007782.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP48\A0007884.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP48\A0008957.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP49\A0009190.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0001216.dll
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP50\A0009222.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP51\A0010237.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP52\A0010268.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP54\A0010419.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP55\A0011771.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP56\A0011898.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013080.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013157.dll
    [DETECTION] Is the Trojan horse TR/BHO.aby
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013161.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013167.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013168.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013169.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013173.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013175.dll
    [DETECTION] Is the Trojan horse TR/Virtumonde.C
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013182.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013185.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013186.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013198.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013240.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013242.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013245.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013250.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\csyttcfl.dll.bad
    [DETECTION] Is the Trojan horse TR/BHO.aby
    [INFO] The file was deleted!
    C:\VundoFix Backups\efcawxw.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\jkkji.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\jsgmnqpt.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\khfcyxv.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
    [INFO] The file was deleted!
    C:\VundoFix Backups\lmradmrq.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\ocxjsbkf.dll.bad
    [DETECTION] Is the Trojan horse TR/Virtumonde.C
    [INFO] The file was deleted!
    C:\VundoFix Backups\uvmwjupl.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\wqerptum.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\VundoFix Backups\wvutrss.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
    [INFO] The file was deleted!
    C:\VundoFix Backups\xqplvrng.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.DRT
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Disque Damien>


    End of the scan: lundi 24 décembre 2007 18:14
    Used time: 34:15 min

    The scan has been done completely.

    8055 Scanning directories
    290889 Files were scanned
    52 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    47 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    290837 Files not concerned
    7070 Archives were scanned
    4 Warnings
    0 Notes

    24 December 2007 18:14:18

    I also deleted what was in quarantine.
    24 December 2007 18:15:02

    Post a new HijackThis report.
    24 December 2007 18:17:34

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:19:26, on 24/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Mozilla\firefox.exe
    D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\WinRar\WinRAR.exe
    C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 7266 bytes
    26 December 2007 11:16:12

    Are you still having problems?
    26 December 2007 12:01:49

    Listen, for now I haven't seen Ultimate, but I still have this problem when I turn on my computer!!
    26 December 2007 14:42:08

    Start/Run/MSCONFIG/Startup
    Do you have nothing on the dll?
    26 December 2007 18:24:56

    I don't understand lol. (ashamed)

    What is the dll?? (I get a window with lots of stuff in it but nothing marked dll...)
    26 December 2007 19:45:22

    The file with the .dll extension that is named in the error message.
    27 December 2007 00:02:21

    I can see all those lines in the Startup section but I don't see what I'm supposed to look for or do... sorry
    27 December 2007 12:37:36

    In your error message, do you see the .dll?
    27 December 2007 15:01:01

    Hi again,

    Let's try something:

    Fix the line in the box below with HijackThis: ILLUSTRATED HELP

    O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
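Added example (not part of the original thread, and not the helper's own method): a Python triage of HijackThis O4 autorun lines that singles out the entry fixed above. The three indicators, the 0.2 density cut-off and the function names are assumptions chosen for this illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from pathlib import PureWindowsPath

# Autorun (O4) lines copied from the HijackThis log in this thread.
# The indicators and thresholds below are assumptions of this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)

def case_switch_density(text):
    """Share of lower->UPPER transitions; crude proxy for a generated name."""
    switches = sum(a.islower() and b.isupper() for a, b in zip(text, text[1:]))
    return switches / max(len(text), 1)

def score_entry(line):
    """Return (value_name, reasons) for one O4 registry line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # e.g. "Global Startup" shortcuts use another layout
    reasons = []
    if m["key"].lower().endswith(r"policies\explorer\run"):
        reasons.append("policy Run key")
    dll = DLL_RE.search(m["cmd"])
    if dll:
        reasons.append("DLL started through rundll32")
        stem = PureWindowsPath(dll["dll"]).stem
        if max(case_switch_density(stem), case_switch_density(m["name"])) >= 0.2:
            reasons.append("generated-looking name")
    return m["name"], reasons

def triage(log_text, threshold=2):
    """List the entries that collect at least `threshold` indicators."""
    scored = filter(None, map(score_entry, log_text.splitlines()))
    return [(name, reasons) for name, reasons in scored if len(reasons) >= threshold]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"review [{name}]: {', '.join(reasons)}")
```

An entry that reaches the threshold is a candidate for manual review, not a verdict: the legitimate Bluetooth rundll32 entry in the same log collects no indicator because it loads a .cpl from the normal Run key.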
    27 December 2007 16:46:07

    Done, and everything is back to normal!! No more error message, nothing. :love: 

    Many thanks to you Angeldark :bounce: 

    Thanks for taking the time to help me, in any case it's kind of you, many thanks. :p 
    Anonymous
    27 December 2007 16:52:43

    well, since I followed the whole thing I'll also say a big bravo to angeldark!!
    big UUPP! I'm amazed
    27 December 2007 16:58:45

    Big big uppp. Luckily some people know their stuff and can help others lol
    27 December 2007 17:02:05

    Have a good New Year's Eve ;) 

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalise.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] (Solved) to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    Read the guide on prevention and protection so you don't have this kind of problem again, by clicking the image below:

    27 December 2007 22:08:11

    -->- Recherche:

    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\Damien\Local Settings\Temp\Rar$EX00.266\HijackThis.exe: trouvé !
    C:\Documents and Settings\Damien\Recent\HijackThis.lnk: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Damien\Local Settings\Temp\Rar$EX00.266\HijackThis.exe: supprimé !
    C:\Documents and Settings\Damien\Recent\HijackThis.lnk: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !


    Above is the ToolsCleaner report.

    Really, many thanks and hats off, you rock Angel, thanks a lot.
    Have a good New Year's Eve and all that... :pt1cable: 

    Thanks again :hello: 