probléme avec des verres et autres genres

Sa fait 2 jours que je m'arrache les cheveux.

je vous reméci d'avant

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:18, on 23.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dmzihmds] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Product Rappel concernant l'enregistrement] C:\WINDOWS\Temp\RegModule.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hgkvnxtp.dll",sitypnow
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\yvxadvfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\iqgvlbyo.dll",sitypnow
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2573422041-2398195971-2695629368-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2573422041-2398195971-2695629368-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-21-2573422041-2398195971-2695629368-501\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\iqgvlbyo.dll",sitypnow (User '?')
O4 - HKUS\S-1-5-21-2573422041-2398195971-2695629368-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2573422041-2398195971-2695629368-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 13396 bytes

Alors!!!!!!
Est-ce grave docteur?

Re,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:41:27 23.09.2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\windows\system32\drvbas.dll
C:\WINDOWS\system32\dumaeswu.dll
C:\windows\system32\eyahvoey.dll
C:\windows\system32\flmsipxp.ini
C:\windows\system32\hgkvnxtp.dll
C:\windows\system32\iqgvlbyo.dll
C:\windows\system32\jbhfgadv.dll
C:\windows\system32\juwxotik.ini
C:\windows\system32\kitoxwuj.dll
C:\windows\system32\obkjwftv.dll
C:\windows\system32\oyblvgqi.ini
C:\windows\system32\ptxnvkgh.ini
C:\windows\system32\pxpismlf.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\windows\system32\sptll.dll
C:\WINDOWS\system32\uwseamud.ini
C:\windows\system32\vdagfhbj.ini
C:\windows\system32\vtfwjkbo.ini
C:\windows\system32\yeovhaye.ini

Beginning removal...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:43, on 23.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dmzihmds] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Product Rappel concernant l'enregistrement] C:\WINDOWS\Temp\RegModule.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hgkvnxtp.dll",sitypnow
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\yvxadvfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD9972] cmd /c del "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 15456 bytes

alors.

Refais un scan Vundofix puis poste le rapport.

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 20:32:50 23.09.2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\rqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

alors

Tu as vu le message ?

Microsoft Windows XP dition familiale 5.1.2600.2.1252.33.1036.18.111 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\wapiisv.exe
C:\WINDOWS\system32\winuqw32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\Iprip


((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-23 18:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-21 21:21 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Apple Computer
2007-09-21 07:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-21 07:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-21 07:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-21 07:19 6,620 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-20 21:53 <REP> d-------- C:\Program Files\7-Zip
2007-09-20 18:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\VadeRetro
2007-09-20 18:29 <REP> d-------- C:\Program Files\Goto Software
2007-09-20 18:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
2007-09-20 13:23 <REP> d-------- C:\Program Files\Fichiers communs\Everstrike Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Everstrike Software
2007-09-19 13:09 <REP> d-------- C:\Program Files\EClea2_0
2007-09-16 11:15 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\CyberLink
2007-09-15 20:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Ahead
2007-09-15 10:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\CyberLink
2007-09-14 17:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 21:43 369,248 --------- C:\WINDOWS\system32\awtqr.dll
2007-09-12 21:39 <REP> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-12 18:42 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Help
2007-09-08 11:27 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-03 19:56 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-03 16:00 <REP> d-------- C:\Program Files\Alcohol Soft
2007-09-03 15:52 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Ahead
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-03 09:10 <REP> d-------- C:\Program Files\Nero
2007-09-03 09:10 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-03 09:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 20:30 --------- d-------- C:\Program Files\SDFix
2007-09-23 20:10 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-23 20:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-23 15:51 --------- d-------- C:\Program Files\eMule
2007-09-21 18:35 --------- d-------- C:\DOCUME~1\ben\APPLIC~1\U3
2007-09-19 18:48 --------- d-------- C:\Program Files\SpeedBit Video Accelerator
2007-09-19 18:38 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 19:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 19:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-09-18 19:25 --------- d-------- C:\Program Files\EPSON
2007-09-18 15:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 15:27 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 15:27 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 15:27 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 15:27 --------- d-------- C:\Program Files\Symantec
2007-09-12 11:49 --------- d-------- C:\Program Files\DivX
2007-09-03 17:32 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-24 10:04 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\U3
2007-08-23 11:18 737280 --a------ C:\WINDOWS\iun6002.exe
2007-08-13 21:58 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\DivX
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-05 10:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25F4C1C4-F28C-468A-A9F9-0B1FD191ADDF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2781F56E-AA72-4C84-9A7C-76B13D3C5031}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2960AF1E-02C7-443B-A29E-CEBC1659FC82}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38479C40-2EF2-4B29-9075-C8B53B03786C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BD2848C-2D8B-4066-9B87-603EF424552A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414EEE6C-B6BA-4BA2-8B50-DC7129DD5CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535E1DFB-7EDF-41ED-8DA5-41314F9BC1DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5401D951-5432-40EA-822E-A34E1F271396}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6136772A-B9EE-4464-B90F-7710915C4CDA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B94229-7967-860A-A0C2-034C02BA876B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D5435BB-AA22-49D9-9C99-582ACB49A510}]
2007-09-12 21:43 369248 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733E9132-53CA-4C97-9AC9-145C4502FA20}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CECB713-A70C-4262-A6F3-FB19022B8FC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96D3FA2B-84A1-4C13-BED2-9241A764A678}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6AE7F2-5357-48BF-B075-18C9DAC7136E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20D8E1C-0BFE-4FA2-B300-5B2DC00929FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4D74AB8-0CC9-4BDB-97EE-ECBCB58B7A42}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2129880-3751-4226-B081-18F4527A6D7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E251B457-CF72-4EB0-9038-86D78BFC5ADE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3AF76F4-A624-4DAE-9440-B25C7725F08B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E610BABA-A511-4C36-B581-668AB55AD319}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7F6B155-53A2-48B4-8C1A-38EEEB8684FF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB261A3F-1304-42FB-800E-E58A0E2806D8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1F242B8-ED5C-405B-8E13-2BECDFBAAEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB02A91E-387E-43A3-9CBC-DCE818D2FA35}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 07:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 07:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 20:54]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 16:00]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-08-11 17:14]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-07-06 13:03]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-07-26 22:42]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 06:00]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"RTHDCPL"="RTHDCPL.EXE" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19]
"nwiz"="nwiz.exe" [2006-07-12 00:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 00:19]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 11:59]
"dmzihmds"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\dmzihmds.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:42]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingD9972"=cmd /c del "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RunDLL32"=C:\WINDOWS\system32\yvxadvfs.exe

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-02-26 12:47:01]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 20:25:14]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-03-14 21:49:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr]
C:\WINDOWS\system32\awtqr.dll 2007-09-12 21:43 369248 C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbxx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - mathieu.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 20:57:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 21:00:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 21:00
.
--- E O F ---

alors.

Tu peux arrêter les "alors" ?   Tu patientes, c'est tout.
Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:33, on 23.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [dmzihmds] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll"
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\yvxadvfs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD9972] cmd /c del "C:\Documents and Settings\All Users\Application Data\dmzihmds.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 14209 bytes

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

jai une message d erreur de combofix quand je le lance apres avoir déplacer cfscript.txt sur lui l et je comprend pas pourquoi tu parle de combofix-do.txt


quelle est le codage tu texte cfscript.txt

Erreur ComboFix-Do.txt = CFScript.txt, désolé.

j ai un messge d erreur

erreur comspec
la variable d environement si dessus s'est trouvée corrompue
combofix a tenté ........ qui vous aide
pressez une touche pour quitter

je sais je reposte le rapport combofix

Tu peux refaire un scan Combofix ?

ComboFix 07-09-21.2 - "teste" 2007-09-25 17:37:16.3 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.33.1036.18.101 [GMT 2:00]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-08-25 to 2007-09-25 ))))))))))))))))))))))))))))))))))))
.

2007-09-25 06:19 83,008 --a------ C:\WINDOWS\system32\jvposdoy.dll
2007-09-25 06:13 815,330 ---hs---- C:\WINDOWS\system32\rqtwa.bak2
2007-09-24 16:35 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\VadeRetro
2007-09-24 16:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Nero
2007-09-24 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-09-24 16:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-23 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-23 18:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-21 21:21 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Apple Computer
2007-09-21 07:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-21 07:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-21 07:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-21 07:19 6,620 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-20 21:53 <REP> d-------- C:\Program Files\7-Zip
2007-09-20 18:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\VadeRetro
2007-09-20 18:29 <REP> d-------- C:\Program Files\Goto Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Fichiers communs\Everstrike Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Everstrike Software
2007-09-19 13:09 <REP> d-------- C:\Program Files\EClea2_0
2007-09-16 11:15 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\CyberLink
2007-09-15 20:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Ahead
2007-09-15 10:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\CyberLink
2007-09-14 17:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 21:43 369,248 --------- C:\WINDOWS\system32\awtqr.dll
2007-09-12 21:39 <REP> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-12 18:42 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Help
2007-09-08 11:27 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-03 19:56 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-03 16:00 <REP> d-------- C:\Program Files\Alcohol Soft
2007-09-03 15:52 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Ahead
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-03 09:10 <REP> d-------- C:\Program Files\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 14:27 --------- d-------- C:\Program Files\eMule
2007-09-25 07:32 --------- d-------- C:\Program Files\SDFix
2007-09-24 20:17 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-24 19:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-24 16:34 --------- d-------- C:\Program Files\LucasArts
2007-09-21 18:35 --------- d-------- C:\DOCUME~1\ben\APPLIC~1\U3
2007-09-19 18:48 --------- d-------- C:\Program Files\SpeedBit Video Accelerator
2007-09-19 18:38 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 19:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 19:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-09-18 19:25 --------- d-------- C:\Program Files\EPSON
2007-09-18 15:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 15:27 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 15:27 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 15:27 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 15:27 --------- d-------- C:\Program Files\Symantec
2007-09-12 11:49 --------- d-------- C:\Program Files\DivX
2007-09-03 17:32 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-24 10:04 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\U3
2007-08-23 11:18 737280 --a------ C:\WINDOWS\iun6002.exe
2007-08-13 21:58 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\DivX
2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe
2007-08-04 10:10 95600 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-05 10:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-23_205923.42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 972,336 2007-03-21 19:02:12 C:\WINDOWS\UNNeroVision.exe
----a-r 25,214 2007-09-24 14:20:30 C:\WINDOWS\Installer\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}\ARPPRODUCTICON.exe
----a-w 1,757,184 2006-03-17 10:45:52 C:\WINDOWS\system32\imagX7.dll
----a-w 497,296 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXpr7.dll
----a-w 258,048 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXR7.dll
----a-w 802,816 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXRA7.dll
----a-w 82,432 2002-02-03 18:43:00 C:\WINDOWS\system32\msxml4r.dll
----a-w 368,640 2006-03-17 13:49:46 C:\WINDOWS\system32\TwnLib4.dll
----a-w 96,256 2006-12-01 14:56:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
----a-w 479,232 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
----a-w 548,864 2006-12-01 14:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
----a-w 626,688 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
----a-w 40,960 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
----a-w 45,056 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
----a-w 65,536 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
----a-w 57,344 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
----a-w 1,101,824 2006-12-01 16:25:52 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
----a-w 1,093,120 2006-12-01 16:25:56 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
----a-w 69,632 2006-12-01 16:25:58 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
----a-w 57,856 2006-12-01 16:26:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
.
----a-w 972,336 2007-05-15 07:45:14 C:\WINDOWS\UNNeroVision.exe
----a-w 1,568,768 2004-07-26 15:16:10 C:\WINDOWS\system32\imagX7.dll
----a-w 476,320 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXpr7.dll
----a-w 262,144 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXR7.dll
----a-w 471,040 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXRA7.dll
----a-w 96,256 2002-02-04 01:06:14 C:\WINDOWS\system32\msxml4r.dll
----a-w 364,544 2004-07-09 07:43:56 C:\WINDOWS\system32\TwnLib4.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25F4C1C4-F28C-468A-A9F9-0B1FD191ADDF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2781F56E-AA72-4C84-9A7C-76B13D3C5031}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2960AF1E-02C7-443B-A29E-CEBC1659FC82}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38479C40-2EF2-4B29-9075-C8B53B03786C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BD2848C-2D8B-4066-9B87-603EF424552A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414EEE6C-B6BA-4BA2-8B50-DC7129DD5CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535E1DFB-7EDF-41ED-8DA5-41314F9BC1DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5401D951-5432-40EA-822E-A34E1F271396}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6136772A-B9EE-4464-B90F-7710915C4CDA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B94229-7967-860A-A0C2-034C02BA876B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D5435BB-AA22-49D9-9C99-582ACB49A510}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CECB713-A70C-4262-A6F3-FB19022B8FC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96D3FA2B-84A1-4C13-BED2-9241A764A678}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6AE7F2-5357-48BF-B075-18C9DAC7136E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20D8E1C-0BFE-4FA2-B300-5B2DC00929FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4D74AB8-0CC9-4BDB-97EE-ECBCB58B7A42}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2129880-3751-4226-B081-18F4527A6D7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE6A8CFE-71F0-4121-B52D-6BA4AD9F1E29}]
2007-09-12 21:43 369248 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E251B457-CF72-4EB0-9038-86D78BFC5ADE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3AF76F4-A624-4DAE-9440-B25C7725F08B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E610BABA-A511-4C36-B581-668AB55AD319}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7F6B155-53A2-48B4-8C1A-38EEEB8684FF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA7AC04E-70F7-469A-912D-B7F3494A04D7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB261A3F-1304-42FB-800E-E58A0E2806D8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1F242B8-ED5C-405B-8E13-2BECDFBAAEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB02A91E-387E-43A3-9CBC-DCE818D2FA35}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 07:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 07:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 07:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 20:54]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 16:00]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-08-11 17:14]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-07-06 13:03]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-07-26 22:42]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 06:00]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]
"RTHDCPL"="RTHDCPL.EXE" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19]
"nwiz"="nwiz.exe" [2006-07-12 00:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 00:19]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
"SearchIndexer"="C:\WINDOWS\system32\jvposdoy.dll" [2007-09-25 06:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:42]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RunDLL32"=C:\WINDOWS\system32\yvxadvfs.exe

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-02-26 12:47:01]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 20:25:14]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-03-14 21:49:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr]
C:\WINDOWS\system32\awtqr.dll 2007-09-12 21:43 369248 C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbxx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - mathieu.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 17:43:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 17:45:49
C:\ComboFix-quarantined-files.txt ... 2007-09-25 17:45
.
--- E O F ---

Tu peux réessayer le script Combofix ?

c est bon j ai fait ton truck



ComboFix 07-09-21.2 - "teste" 2007-09-25 17:59:27.4 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.33.1036.18.104 [GMT 2:00]
Command switches used :: C:\Documents and Settings\teste\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\awtqr.dll
C:\Documents and Settings\All Users\Application Data\dmzihmds.dll
C:\Documents and Settings\All Users\Application Data\dmzihmds.dll_old
C:\WINDOWS\system32\yvxadvfs.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqr.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 06:19 83,008 --a------ C:\WINDOWS\system32\jvposdoy.dll
2007-09-25 06:13 815,330 ---hs---- C:\WINDOWS\system32\rqtwa.bak2
2007-09-24 16:35 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\VadeRetro
2007-09-24 16:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Nero
2007-09-24 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-09-24 16:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-23 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-23 18:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-21 21:21 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Apple Computer
2007-09-21 07:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-21 07:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-21 07:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-21 07:19 6,620 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-20 21:53 <REP> d-------- C:\Program Files\7-Zip
2007-09-20 18:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\VadeRetro
2007-09-20 18:29 <REP> d-------- C:\Program Files\Goto Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Fichiers communs\Everstrike Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Everstrike Software
2007-09-19 13:09 <REP> d-------- C:\Program Files\EClea2_0
2007-09-16 11:15 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\CyberLink
2007-09-15 20:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Ahead
2007-09-15 10:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\CyberLink
2007-09-14 17:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 21:39 <REP> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-12 18:42 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Help
2007-09-08 11:27 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-03 19:56 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-03 16:00 <REP> d-------- C:\Program Files\Alcohol Soft
2007-09-03 15:52 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Ahead
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-03 09:10 <REP> d-------- C:\Program Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 14:27 --------- d-------- C:\Program Files\eMule
2007-09-25 07:32 --------- d-------- C:\Program Files\SDFix
2007-09-24 20:17 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-24 19:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-24 16:34 --------- d-------- C:\Program Files\LucasArts
2007-09-21 18:35 --------- d-------- C:\DOCUME~1\ben\APPLIC~1\U3
2007-09-19 18:48 --------- d-------- C:\Program Files\SpeedBit Video Accelerator
2007-09-19 18:38 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 19:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 19:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-09-18 19:25 --------- d-------- C:\Program Files\EPSON
2007-09-18 15:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 15:27 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 15:27 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 15:27 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 15:27 --------- d-------- C:\Program Files\Symantec
2007-09-12 11:49 --------- d-------- C:\Program Files\DivX
2007-09-03 17:32 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-24 10:04 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\U3
2007-08-23 11:18 737280 --a------ C:\WINDOWS\iun6002.exe
2007-08-13 21:58 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\DivX
2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe
2007-08-04 10:10 95600 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-05 10:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-23_205923.42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 972,336 2007-03-21 19:02:12 C:\WINDOWS\UNNeroVision.exe
----a-r 25,214 2007-09-24 14:20:30 C:\WINDOWS\Installer\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}\ARPPRODUCTICON.exe
----a-w 1,757,184 2006-03-17 10:45:52 C:\WINDOWS\system32\imagX7.dll
----a-w 497,296 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXpr7.dll
----a-w 258,048 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXR7.dll
----a-w 802,816 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXRA7.dll
----a-w 82,432 2002-02-03 18:43:00 C:\WINDOWS\system32\msxml4r.dll
----a-w 368,640 2006-03-17 13:49:46 C:\WINDOWS\system32\TwnLib4.dll
----a-w 96,256 2006-12-01 14:56:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
----a-w 479,232 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
----a-w 548,864 2006-12-01 14:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
----a-w 626,688 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
----a-w 40,960 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
----a-w 45,056 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
----a-w 65,536 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
----a-w 57,344 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
----a-w 1,101,824 2006-12-01 16:25:52 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
----a-w 1,093,120 2006-12-01 16:25:56 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
----a-w 69,632 2006-12-01 16:25:58 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
----a-w 57,856 2006-12-01 16:26:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
.
----a-w 972,336 2007-05-15 07:45:14 C:\WINDOWS\UNNeroVision.exe
----a-w 1,568,768 2004-07-26 15:16:10 C:\WINDOWS\system32\imagX7.dll
----a-w 476,320 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXpr7.dll
----a-w 262,144 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXR7.dll
----a-w 471,040 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXRA7.dll
----a-w 96,256 2002-02-04 01:06:14 C:\WINDOWS\system32\msxml4r.dll
----a-w 364,544 2004-07-09 07:43:56 C:\WINDOWS\system32\TwnLib4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA7AC04E-70F7-469A-912D-B7F3494A04D7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:42]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 08:21]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-02-26 12:47:01]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 20:25:14]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-03-14 21:49:08]

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
S3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc5967-dc5f-11db-94b0-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc596a-dc5f-11db-94b0-0018e7069a78}]
AutoRun\command- N:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc596b-dc5f-11db-94b0-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31cb13a0-dc6d-11db-94b2-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- G:\wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12d5181-d0ab-11db-9470-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- G:\wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12d5187-d0ab-11db-9470-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- wbsinstalls.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - mathieu.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 18:06:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 18:08:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-25 18:08
C:\ComboFix2.txt ... 2007-09-25 17:45
.
--- E O F ---

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 2007-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Adobe\Adobe InDesign CS2\InDesign.exe
C:\DOCUME~1\ben\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
C:\DOCUME~1\ben\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\ben\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA7AC04E-70F7-469A-912D-B7F3494A04D7} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12264 bytes

Re,

Utilise ce script :

ComboFix 07-09-21.2 - "ben" 2007-09-25 21:39:28.6 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.33.1036.18.138 [GMT 2:00]
Command switches used :: C:\Documents and Settings\teste\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\jvposdoy.dll
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\jvposdoy.dll
C:\WINDOWS\system32\okqipwgf
C:\WINDOWS\system32\okqipwgf\bg1.gif
C:\WINDOWS\system32\okqipwgf\bgtop.gif
C:\WINDOWS\system32\okqipwgf\bottom1.gif
C:\WINDOWS\system32\okqipwgf\essentials.gif
C:\WINDOWS\system32\okqipwgf\icon1.ico
C:\WINDOWS\system32\okqipwgf\install1.gif
C:\WINDOWS\system32\okqipwgf\left1.gif
C:\WINDOWS\system32\okqipwgf\li.gif
C:\WINDOWS\system32\okqipwgf\logo.gif
C:\WINDOWS\system32\okqipwgf\main.htm
C:\WINDOWS\system32\okqipwgf\mainframe.htm
C:\WINDOWS\system32\okqipwgf\reinstall1.gif
C:\WINDOWS\system32\okqipwgf\right1.gif
C:\WINDOWS\system32\okqipwgf\s1.htm
C:\WINDOWS\system32\okqipwgf\s2.htm
C:\WINDOWS\system32\okqipwgf\s3.htm
C:\WINDOWS\system32\okqipwgf\SMTop1.gif
C:\WINDOWS\system32\okqipwgf\SMTop2.gif
C:\WINDOWS\system32\okqipwgf\SMTop3.gif
C:\WINDOWS\system32\okqipwgf\SMTop4.gif
C:\WINDOWS\system32\okqipwgf\soft1_off.gif
C:\WINDOWS\system32\okqipwgf\soft1_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft1_on.gif
C:\WINDOWS\system32\okqipwgf\soft1_on_ext.gif
C:\WINDOWS\system32\okqipwgf\soft2_off.gif
C:\WINDOWS\system32\okqipwgf\soft2_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft2_on.gif
C:\WINDOWS\system32\okqipwgf\soft2_on_ext.gif
C:\WINDOWS\system32\okqipwgf\soft3_off.gif
C:\WINDOWS\system32\okqipwgf\soft3_off_ext.gif
C:\WINDOWS\system32\okqipwgf\soft3_on.gif
C:\WINDOWS\system32\okqipwgf\soft3_on_ext.gif
C:\WINDOWS\system32\okqipwgf\softbottom_off.gif
C:\WINDOWS\system32\okqipwgf\softbottom_on.gif
C:\WINDOWS\system32\okqipwgf\softleft_off.gif
C:\WINDOWS\system32\okqipwgf\softleft_on.gif
C:\WINDOWS\system32\okqipwgf\top1.gif
C:\WINDOWS\system32\okqipwgf\top2.gif
C:\WINDOWS\system32\okqipwgf\turnoff1.gif
C:\WINDOWS\system32\okqipwgf\turnon1.gif
C:\WINDOWS\system32\rqtwa.bak2

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 19:41 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Nero
2007-09-24 16:35 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\VadeRetro
2007-09-24 16:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Nero
2007-09-24 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-09-24 16:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-23 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-23 18:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-21 21:21 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Apple Computer
2007-09-21 07:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-21 07:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-21 07:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-21 07:19 6,620 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-20 21:53 <REP> d-------- C:\Program Files\7-Zip
2007-09-20 18:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\VadeRetro
2007-09-20 18:29 <REP> d-------- C:\Program Files\Goto Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Fichiers communs\Everstrike Software
2007-09-20 13:23 <REP> d-------- C:\Program Files\Everstrike Software
2007-09-19 13:09 <REP> d-------- C:\Program Files\EClea2_0
2007-09-16 11:15 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\CyberLink
2007-09-15 20:30 <REP> d-------- C:\DOCUME~1\ben\APPLIC~1\Ahead
2007-09-15 10:24 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\CyberLink
2007-09-14 17:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 18:42 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Help
2007-09-08 11:27 <REP> d-------- C:\Program Files\Microsoft Games
2007-09-03 19:56 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-03 16:00 <REP> d-------- C:\Program Files\Alcohol Soft
2007-09-03 15:52 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\teste\APPLIC~1\Ahead
2007-09-03 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-03 09:10 <REP> d-------- C:\Program Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 20:26 --------- d-------- C:\Program Files\Dofus
2007-09-25 19:08 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-25 14:27 --------- d-------- C:\Program Files\eMule
2007-09-25 07:32 --------- d-------- C:\Program Files\SDFix
2007-09-24 19:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-24 16:34 --------- d-------- C:\Program Files\LucasArts
2007-09-21 18:35 --------- d-------- C:\DOCUME~1\ben\APPLIC~1\U3
2007-09-19 18:48 --------- d-------- C:\Program Files\SpeedBit Video Accelerator
2007-09-19 18:38 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-18 19:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-18 19:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
2007-09-18 19:25 --------- d-------- C:\Program Files\EPSON
2007-09-18 15:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-18 15:27 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-18 15:27 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-18 15:27 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 15:27 --------- d-------- C:\Program Files\Symantec
2007-09-12 11:49 --------- d-------- C:\Program Files\DivX
2007-09-03 17:32 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-24 10:04 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\U3
2007-08-13 21:58 --------- d-------- C:\DOCUME~1\teste\APPLIC~1\DivX
2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe
2007-08-04 10:10 95600 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-05 10:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-23_205923.42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 972,336 2007-03-21 19:02:12 C:\WINDOWS\UNNeroVision.exe
----a-r 25,214 2007-09-24 14:20:30 C:\WINDOWS\Installer\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}\ARPPRODUCTICON.exe
----a-w 1,757,184 2006-03-17 10:45:52 C:\WINDOWS\system32\imagX7.dll
----a-w 497,296 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXpr7.dll
----a-w 258,048 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXR7.dll
----a-w 802,816 2006-03-17 10:45:54 C:\WINDOWS\system32\imagXRA7.dll
----a-w 82,432 2002-02-03 18:43:00 C:\WINDOWS\system32\msxml4r.dll
----a-w 368,640 2006-03-17 13:49:46 C:\WINDOWS\system32\TwnLib4.dll
----a-w 96,256 2006-12-01 14:56:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
----a-w 479,232 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
----a-w 548,864 2006-12-01 14:54:34 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
----a-w 626,688 2006-12-01 14:54:32 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
----a-w 40,960 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
----a-w 45,056 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
----a-w 65,536 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
----a-w 57,344 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
----a-w 61,440 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
----a-w 49,152 2006-12-01 16:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
----a-w 1,101,824 2006-12-01 16:25:52 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
----a-w 1,093,120 2006-12-01 16:25:56 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
----a-w 69,632 2006-12-01 16:25:58 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
----a-w 57,856 2006-12-01 16:26:00 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
.
----a-w 972,336 2007-05-15 07:45:14 C:\WINDOWS\UNNeroVision.exe
----a-w 1,568,768 2004-07-26 15:16:10 C:\WINDOWS\system32\imagX7.dll
----a-w 476,320 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXpr7.dll
----a-w 262,144 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXR7.dll
----a-w 471,040 2004-07-26 15:16:10 C:\WINDOWS\system32\imagXRA7.dll
----a-w 96,256 2002-02-04 01:06:14 C:\WINDOWS\system32\msxml4r.dll
----a-w 364,544 2004-07-09 07:43:56 C:\WINDOWS\system32\TwnLib4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA7AC04E-70F7-469A-912D-B7F3494A04D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:42]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 08:21]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-02-26 12:47:01]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 20:25:14]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1_BDC88E5AF47B4314AB38994592E32C95.exe [2007-03-14 21:49:08]

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
S3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc596a-dc5f-11db-94b0-0018e7069a78}]
AutoRun\command- N:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cc596b-dc5f-11db-94b0-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31cb13a0-dc6d-11db-94b2-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- G:\wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12d5181-d0ab-11db-9470-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- G:\wbsinstalls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12d5187-d0ab-11db-9470-0018e7069a78}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wbsinstalls.exe
infected\command- wbsinstalls.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - mathieu.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 21:45:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 21:47:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-25 21:47
C:\ComboFix2.txt ... 2007-09-25 18:08
C:\ComboFix3.txt ... 2007-09-25 17:45
.
--- E O F ---

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45, on 2007-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Emule Speed Booster\Emule Speed Booster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA7AC04E-70F7-469A-912D-B7F3494A04D7} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11737 bytes

Mieux ?

1 er je n ais plus c est fenetre internet qui apparait
2em je ne n ai plus mon anti virus qui me dit qui détecte un virus
3em au démarage apparament je n ai plus de probléme de fichier dll
4 em je n ai plus de fentre de service débogage
et je pense quand mode sans échec sa devrai marchait
Je te dit merci, trop sympa a+




mon probléme est résolue

Bonne continuation alors