[Solved] Ultimate cleaner and defender
Last reply: in Security
Hi, I have a virus, or I don't know what to call it, on my computer. It's called Ultimate cleaner or defender, depending on the page it displays. For those who don't know it, it constantly pops up windows about supposed problems on my computer, when the only problem there is, is the program itself. Of course there's no trace of it and I can't manage to remove it.
If anyone has a solution, thanks in advance.
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Here's the report: (thanks for the help in any case)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:31, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\yhlmwxce.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\Program Files\Avast\ashMaiSv.exe
D:\Program Files\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Counter\Steam.exe
D:\Program Files\Mozilla\firefox.exe
C:\Documents and Settings\Damien\Application Data\SopCast\adv\SopAdver.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\APPS\ODP\OD2State.exe
D:\Program Files\WinRar\WinRAR.exe
C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gpijwfuv] rundll32.exe "C:\Program Files\gpijwfuv\ivmzupyv.dll",Init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\dm\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [20bfbf54] rundll32.exe "C:\WINDOWS\system32\lmradmrq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yhlmwxce.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7788 bytes
Re,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
Copy/paste the contents of the report located in C:\vundofix.txt together with a new HijackThis report in your next reply.
Note: VundoFix may encounter a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
psodam said:
Hi, I have a virus, or I don't know what to call it, on my computer. It's called Ultimate cleaner or defender, depending on the page it displays. For those who don't know it, it constantly pops up windows about supposed problems on my computer, when the only problem there is, is the program itself. Of course there's no trace of it and I can't manage to remove it. If anyone has a solution, thanks in advance.
With this kind of virus, a good old System Restore to a date before the infection and you're back in business!!
Here's the VundoFix report:
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Scan started at 12:57:39 24/12/2007
Listing files found while scanning....
C:\WINDOWS\system32\agilurtd.dll
C:\WINDOWS\system32\csyttcfl.dll
C:\WINDOWS\system32\dkhgavly.exe
C:\WINDOWS\system32\eavhlijh.exe
C:\WINDOWS\system32\ecdmoqne.dll
C:\WINDOWS\system32\efcawxw.dll
C:\WINDOWS\system32\enlvghbk.exe
C:\WINDOWS\system32\eqtvqaig.exe
C:\WINDOWS\system32\fdpgreqw.exe
C:\WINDOWS\system32\iifyyfma.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\jicsslup.exe
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jsgmnqpt.dll
C:\WINDOWS\system32\khfcyxv.dll
C:\WINDOWS\system32\kmgqxqnr.dll
C:\WINDOWS\system32\ksrmmgxk.dll
C:\WINDOWS\system32\lhubuffh.dll
C:\WINDOWS\system32\lmradmrq.dll
C:\WINDOWS\system32\niehdyjp.exe
C:\WINDOWS\system32\ocxjsbkf.dll
C:\WINDOWS\system32\pjdrcsda.dll
C:\WINDOWS\system32\ripojtvn.exe
C:\WINDOWS\system32\rslcfuit.dll
C:\WINDOWS\system32\tgflnola.dll
C:\WINDOWS\system32\ufdvrtwu.exe
C:\WINDOWS\system32\uhcssvuj.dll
C:\WINDOWS\system32\uvmwjupl.dll
C:\WINDOWS\system32\vsolxwis.dll
C:\WINDOWS\system32\wpiyqolq.exe
C:\WINDOWS\system32\wqerptum.dll
C:\WINDOWS\system32\wvutrss.dll
C:\WINDOWS\system32\xqplvrng.dll
C:\WINDOWS\system32\xvrdssdu.exe
C:\WINDOWS\system32\ydluxaol.exe
C:\WINDOWS\system32\yhlmwxce.exe
C:\WINDOWS\system32\yitqgbxw.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\agilurtd.dll
C:\WINDOWS\system32\agilurtd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\csyttcfl.dll
C:\WINDOWS\system32\csyttcfl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dkhgavly.exe
C:\WINDOWS\system32\dkhgavly.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eavhlijh.exe
C:\WINDOWS\system32\eavhlijh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ecdmoqne.dll
C:\WINDOWS\system32\ecdmoqne.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcawxw.dll
C:\WINDOWS\system32\efcawxw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\enlvghbk.exe
C:\WINDOWS\system32\enlvghbk.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\eqtvqaig.exe
C:\WINDOWS\system32\eqtvqaig.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\fdpgreqw.exe
C:\WINDOWS\system32\fdpgreqw.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifyyfma.dll
C:\WINDOWS\system32\iifyyfma.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jicsslup.exe
C:\WINDOWS\system32\jicsslup.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jsgmnqpt.dll
C:\WINDOWS\system32\jsgmnqpt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfcyxv.dll
C:\WINDOWS\system32\khfcyxv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmgqxqnr.dll
C:\WINDOWS\system32\kmgqxqnr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ksrmmgxk.dll
C:\WINDOWS\system32\ksrmmgxk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lhubuffh.dll
C:\WINDOWS\system32\lhubuffh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmradmrq.dll
C:\WINDOWS\system32\lmradmrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\niehdyjp.exe
C:\WINDOWS\system32\niehdyjp.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocxjsbkf.dll
C:\WINDOWS\system32\ocxjsbkf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pjdrcsda.dll
C:\WINDOWS\system32\pjdrcsda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ripojtvn.exe
C:\WINDOWS\system32\ripojtvn.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rslcfuit.dll
C:\WINDOWS\system32\rslcfuit.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tgflnola.dll
C:\WINDOWS\system32\tgflnola.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ufdvrtwu.exe
C:\WINDOWS\system32\ufdvrtwu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uhcssvuj.dll
C:\WINDOWS\system32\uhcssvuj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uvmwjupl.dll
C:\WINDOWS\system32\uvmwjupl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vsolxwis.dll
C:\WINDOWS\system32\vsolxwis.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wpiyqolq.exe
C:\WINDOWS\system32\wpiyqolq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wqerptum.dll
C:\WINDOWS\system32\wqerptum.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvutrss.dll
C:\WINDOWS\system32\wvutrss.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\xqplvrng.dll
C:\WINDOWS\system32\xqplvrng.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xvrdssdu.exe
C:\WINDOWS\system32\xvrdssdu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydluxaol.exe
C:\WINDOWS\system32\ydluxaol.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yhlmwxce.exe
C:\WINDOWS\system32\yhlmwxce.exe Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yitqgbxw.exe
C:\WINDOWS\system32\yitqgbxw.exe Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\wvutrss.dll
C:\WINDOWS\system32\wvutrss.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yhlmwxce.exe
C:\WINDOWS\system32\yhlmwxce.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
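Added note (example code written for this page, not part of the thread and not taken from HijackThis, VundoFix or ComboFix): the two reports above contain the pattern the helper is reacting to, and it can be checked mechanically. In the HijackThis log the Vundo entries are the O4 lines where rundll32.exe loads a DLL by absolute path with a random-looking name and a meaningless export (lmradmrq.dll,b; ndaTqsVqrX.dll,DllCleanServer under Policies\Explorer\Run), plus the O23 service with an empty vendor string (DomainService, yhlmwxce.exe); after a cleanup the O2 BHO lines marked "(file missing)" or "(no file)" are the orphaned registrations that HijackThis can fix. The VundoFix report explains the one leftover: yhlmwxce.exe "Could not be deleted" because it is the binary of that running service, which is why it still shows up in the next HijackThis log. The script below applies those rules to constructed sample lines modelled on the reports; the name-randomness heuristic (consonant runs, vowel ratio) and the reason strings are my own assumptions and only a hint to a human, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the HijackThis and VundoFix reports posted in this thread
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\yhlmwxce.exe
C:\WINDOWS\system32\rundll32.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {1A0C18BA-DD63-4347-A683-E1DA1AA72DBB} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {6D1830D6-4F84-46BF-A592-1DFA80144DF6} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gpijwfuv] rundll32.exe "C:\Program Files\gpijwfuv\ivmzupyv.dll",Init
O4 - HKLM\..\Run: [20bfbf54] rundll32.exe "C:\WINDOWS\system32\lmradmrq.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yhlmwxce.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
VUNDOFIX_SAMPLE = r"""
Attempting to delete C:\WINDOWS\system32\wvutrss.dll
C:\WINDOWS\system32\wvutrss.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yhlmwxce.exe
C:\WINDOWS\system32\yhlmwxce.exe Could not be deleted.
"""

RUNDLL = re.compile(r'^O4 - (?P<key>.+?): \[(?P<val>[^\]]*)\] rundll32\.exe\s+"(?P<dll>[^"]+)",(?P<export>\w+)', re.I)
BHO = re.compile(r'^O2 - BHO: .* - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.*)$', re.I)
SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$')
PROCESS = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.I)
NOT_DELETED = re.compile(r'^(?P<path>[A-Za-z]:\\.+) Could not be deleted\.$')
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption, not a rule): Vundo droppers get names like lmradmrq or
    yhlmwxce, i.e. consonant pile-ups with almost no vowels; product names are pronounceable."""
    s = stem.lower()
    if len(s) < 5 or not s.isalpha():
        return False
    run = longest = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    return longest >= 4 or vowel_ratio <= 0.25


def triage(hjt_text: str, vundofix_text: str = "") -> dict:
    """Return {lower-cased path (or 'bho {clsid}'): [reasons]} for entries worth acting on."""
    findings = defaultdict(list)
    processes, services = set(), {}
    for line in (l.strip() for l in hjt_text.splitlines()):
        if PROCESS.match(line):                       # "Running processes:" section
            processes.add(line.lower())
        elif m := RUNDLL.match(line):                 # O4: rundll32 loading a DLL by absolute path
            parts = m["dll"].split("\\")
            stem = parts[-1].rsplit(".", 1)[0]
            parent = parts[-2] if len(parts) > 1 else ""
            why = ["rundll32 loads a DLL by absolute path from a Run key (the Vundo loader pattern)"]
            if "policies\\explorer\\run" in m["key"].lower():
                why.append("registered under Policies\\Explorer\\Run, a key legitimate software almost never uses")
            if looks_random(stem) or looks_random(parent):
                why.append("random-looking file or directory name")
            if len(m["export"]) <= 2:
                why.append(f"meaningless export name '{m['export']}'")
            findings[m["dll"].lower()].extend(why)
        elif m := BHO.match(line):                    # O2: browser helper objects
            path = m["path"]
            if path == "(no file)":
                key = f"bho {m['clsid'].lower()}"
            elif path.endswith("(file missing)"):
                key = path[: -len("(file missing)")].strip().lower()
            else:
                continue
            findings[key].append("orphaned BHO: file gone but the CLSID registration remains; fix the O2 line")
        elif m := SERVICE.match(line):                # O23: services; blank vendor is the Vundo tell
            services[m["path"].lower()] = m["name"]
            if not m["vendor"].strip():
                findings[m["path"].lower()].append(f"service '{m['name']}' has no vendor string")
    # Cross-check VundoFix leftovers against what is still loaded
    for line in vundofix_text.splitlines():
        if m := NOT_DELETED.match(line.strip()):
            p = m["path"].lower()
            findings[p].append("VundoFix could not delete this file")
            if p in services:
                findings[p].append(f"it is the binary of service '{services[p]}': stop and disable the service first, then delete")
            elif p in processes:
                findings[p].append("it is a running process: terminate it first, then delete")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(HJT_SAMPLE, VUNDOFIX_SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it on the samples flags the three rundll32 loaders, the two orphaned BHOs and yhlmwxce.exe, and leaves avast!, the Java BHO, the Bluetooth agent (a bare name resolved through the system path, not an absolute one) and PnkBstrA ("Unknown owner" is common for legitimate services, an empty vendor is not) untouched.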
Let's continue:
Disable your resident protections (antivirus...)!
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
And here is the HijackThis one: (thank you very much for your help AngelDark)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:53, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\yhlmwxce.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
D:\Program Files\Avast\ashMaiSv.exe
D:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\apps\ABoard\AOSD.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla\firefox.exe
D:\Program Files\WinRar\WinRAR.exe
C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0C18BA-DD63-4347-A683-E1DA1AA72DBB} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {6D1830D6-4F84-46BF-A592-1DFA80144DF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {5fb93449-cf16-e939-1de4-b75717fcbe9f} - {f9ebcf71-757b-4ed1-939e-61fc94439bf5} - C:\WINDOWS\system32\wqerptum.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gpijwfuv] rundll32.exe "C:\Program Files\gpijwfuv\ivmzupyv.dll",Init
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\dm\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [20bfbf54] rundll32.exe "C:\WINDOWS\system32\lmradmrq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yhlmwxce.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8309 bytes
Yes, I saw it, here is the ComboFix report:
ComboFix 07-12-21.4 - Damien 2007-12-24 13:39:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
Running from: D:\Mes Documents\Firefox dL\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\gpijwfuv
C:\Program Files\gpijwfuv\ivmzupyv.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
C:\WINDOWS\PerfInfo\1voIp469zJud.exe
C:\WINDOWS\system32\gjisfclw
C:\WINDOWS\system32\gjisfclw\bg1.gif
C:\WINDOWS\system32\gjisfclw\bgtop.gif
C:\WINDOWS\system32\gjisfclw\bottom1.gif
C:\WINDOWS\system32\gjisfclw\essentials.gif
C:\WINDOWS\system32\gjisfclw\gjisfclw1.exe
C:\WINDOWS\system32\gjisfclw\gjisfclw2.exe
C:\WINDOWS\system32\gjisfclw\gjisfclw3.exe
C:\WINDOWS\system32\gjisfclw\icon1.ico
C:\WINDOWS\system32\gjisfclw\install1.gif
C:\WINDOWS\system32\gjisfclw\left1.gif
C:\WINDOWS\system32\gjisfclw\li.gif
C:\WINDOWS\system32\gjisfclw\logo.gif
C:\WINDOWS\system32\gjisfclw\main.htm
C:\WINDOWS\system32\gjisfclw\mainframe.htm
C:\WINDOWS\system32\gjisfclw\reinstall1.gif
C:\WINDOWS\system32\gjisfclw\right1.gif
C:\WINDOWS\system32\gjisfclw\s1.htm
C:\WINDOWS\system32\gjisfclw\s2.htm
C:\WINDOWS\system32\gjisfclw\s3.htm
C:\WINDOWS\system32\gjisfclw\SMTop1.gif
C:\WINDOWS\system32\gjisfclw\SMTop2.gif
C:\WINDOWS\system32\gjisfclw\SMTop3.gif
C:\WINDOWS\system32\gjisfclw\SMTop4.gif
C:\WINDOWS\system32\gjisfclw\soft1_off.gif
C:\WINDOWS\system32\gjisfclw\soft1_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft1_on.gif
C:\WINDOWS\system32\gjisfclw\soft1_on_ext.gif
C:\WINDOWS\system32\gjisfclw\soft2_off.gif
C:\WINDOWS\system32\gjisfclw\soft2_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft2_on.gif
C:\WINDOWS\system32\gjisfclw\soft2_on_ext.gif
C:\WINDOWS\system32\gjisfclw\soft3_off.gif
C:\WINDOWS\system32\gjisfclw\soft3_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft3_on.gif
C:\WINDOWS\system32\gjisfclw\soft3_on_ext.gif
C:\WINDOWS\system32\gjisfclw\softbottom_off.gif
C:\WINDOWS\system32\gjisfclw\softbottom_on.gif
C:\WINDOWS\system32\gjisfclw\softleft_off.gif
C:\WINDOWS\system32\gjisfclw\softleft_on.gif
C:\WINDOWS\system32\gjisfclw\top1.gif
C:\WINDOWS\system32\gjisfclw\top2.gif
C:\WINDOWS\system32\gjisfclw\turnoff1.gif
C:\WINDOWS\system32\gjisfclw\turnon1.gif
C:\WINDOWS\system32\skjlrsjp
C:\WINDOWS\system32\skjlrsjp\bg1.gif
C:\WINDOWS\system32\skjlrsjp\bgtop.gif
C:\WINDOWS\system32\skjlrsjp\bottom1.gif
C:\WINDOWS\system32\skjlrsjp\essentials.gif
C:\WINDOWS\system32\skjlrsjp\icon1.ico
C:\WINDOWS\system32\skjlrsjp\install1.gif
C:\WINDOWS\system32\skjlrsjp\left1.gif
C:\WINDOWS\system32\skjlrsjp\li.gif
C:\WINDOWS\system32\skjlrsjp\logo.gif
C:\WINDOWS\system32\skjlrsjp\main.htm
C:\WINDOWS\system32\skjlrsjp\mainframe.htm
C:\WINDOWS\system32\skjlrsjp\reinstall1.gif
C:\WINDOWS\system32\skjlrsjp\right1.gif
C:\WINDOWS\system32\skjlrsjp\s1.htm
C:\WINDOWS\system32\skjlrsjp\s2.htm
C:\WINDOWS\system32\skjlrsjp\s3.htm
C:\WINDOWS\system32\skjlrsjp\skjlrsjp1.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp3.exe
C:\WINDOWS\system32\skjlrsjp\SMTop1.gif
C:\WINDOWS\system32\skjlrsjp\SMTop2.gif
C:\WINDOWS\system32\skjlrsjp\SMTop3.gif
C:\WINDOWS\system32\skjlrsjp\SMTop4.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_off.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_on.gif
C:\WINDOWS\system32\skjlrsjp\softleft_off.gif
C:\WINDOWS\system32\skjlrsjp\softleft_on.gif
C:\WINDOWS\system32\skjlrsjp\top1.gif
C:\WINDOWS\system32\skjlrsjp\top2.gif
C:\WINDOWS\system32\skjlrsjp\turnoff1.gif
C:\WINDOWS\system32\skjlrsjp\turnon1.gif
C:\WINDOWS\system32\tewcxjku.dll
C:\WINDOWS\system32\yhlmwxce.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
.
2007-12-24 13:42 . 2007-12-24 13:42 <REP> d-------- C:\WINDOWS\PerfInfo
2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
2007-12-23 17:34 . 2007-12-24 10:05 843,490 ---hs---- C:\WINDOWS\system32\qrmdarml.ini
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-23 16:24 . 2007-12-23 16:24 208,896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-22 17:38 . 2007-12-23 16:50 843,370 ---hs---- C:\WINDOWS\system32\thqkdgdj.ini
2007-12-21 17:30 . 2007-12-22 17:32 868,962 ---hs---- C:\WINDOWS\system32\ltbhpomy.ini
2007-12-20 09:01 . 2007-12-21 17:29 901,258 ---hs---- C:\WINDOWS\system32\jmfaskxa.ini
2007-12-19 00:01 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-19 00:01 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-19 00:00 . 2007-12-19 00:00 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-18 23:33 . 2007-12-20 08:56 874,123 ---hs---- C:\WINDOWS\system32\vjanoitp.ini
2007-12-17 22:03 . 2007-12-18 23:31 878,492 ---hs---- C:\WINDOWS\system32\stuedgbq.ini
2007-12-17 20:08 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-16 22:01 . 2007-12-17 22:01 862,716 ---hs---- C:\WINDOWS\system32\bxumriqk.ini
2007-12-16 21:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-13 23:05 . 2007-12-16 21:56 909,875 ---hs---- C:\WINDOWS\system32\pruligrr.ini
2007-12-12 23:03 . 2007-12-13 23:04 948,733 ---hs---- C:\WINDOWS\system32\vgkcyxti.ini
2007-12-11 23:01 . 2007-12-12 23:01 889,050 ---hs---- C:\WINDOWS\system32\thoyadhy.ini
2007-12-10 20:37 . 2007-12-11 22:56 991,324 ---hs---- C:\WINDOWS\system32\juhcaoss.ini
2007-12-09 20:42 . 2007-12-10 18:22 834,220 ---hs---- C:\WINDOWS\system32\motbaphw.ini
2007-12-09 12:21 . 2007-12-09 12:22 834,100 ---hs---- C:\WINDOWS\system32\owwifcbh.ini
2007-12-08 12:18 . 2007-12-08 12:19 834,760 ---hs---- C:\WINDOWS\system32\gnrvlpqx.ini
2007-12-07 08:09 . 2007-12-08 12:16 856,298 ---hs---- C:\WINDOWS\system32\noulongh.ini
2007-12-06 00:54 . 2007-12-07 07:55 833,175 ---hs---- C:\WINDOWS\system32\myssjfyr.ini
2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
2007-12-04 22:21 . 2007-12-04 22:22 153 --a------ C:\WINDOWS\wininit.ini
2007-12-04 21:23 . 2007-12-06 00:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-04 18:30 . 2007-12-06 00:40 807,588 ---hs---- C:\WINDOWS\system32\iclgydkk.ini
2007-12-03 18:30 . 2007-12-04 17:26 792,829 ---hs---- C:\WINDOWS\system32\ywyfhblj.ini
2007-12-02 22:59 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-02 22:59 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-02 22:59 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-02 22:58 . 2007-12-02 22:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-02 22:56 . 2007-12-02 22:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-02 18:34 . 2007-12-02 18:34 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-02 13:54 . 2007-12-03 18:16 792,649 ---hs---- C:\WINDOWS\system32\qfceeobd.ini
2007-12-01 16:24 . 2007-12-01 16:24 <REP> d-------- C:\Documents and Settings\Damien\Application Data\Microsoft Games
2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Qlhufzpo
2007-11-25 20:42 . 2007-11-25 20:44 <REP> d-------- C:\Documents and Settings\Damien\Application Data\SopCast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 21:01 --------- d-----w C:\Documents and Settings\Damien\Application Data\LimeWire
2007-12-16 20:59 --------- d-----w C:\Program Files\Java
2007-12-12 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 11:21 --------- d-----w C:\Documents and Settings\Damien\Application Data\Azureus
2007-12-01 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 15:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:07 22,328 ----a-w C:\Documents and Settings\Damien\Application Data\PnkBstrK.sys
2007-11-21 21:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-21 21:44 --------- d--h--r C:\Documents and Settings\Damien\Application Data\SecuROM
2007-11-20 17:37 --------- d-----w C:\Program Files\Axon Data
2007-11-16 15:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Sonic
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Leadertech
2007-11-15 06:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 19:33 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-13 17:56 --------- d-----w C:\Documents and Settings\Damien\Application Data\CyberLink
2007-11-13 17:36 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 17:35 --------- d-----w C:\Documents and Settings\Damien\Application Data\vlc
2007-11-13 17:27 --------- d-----w C:\Documents and Settings\Damien\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Program Files\QuickTime
2007-11-13 17:26 --------- d-----w C:\Program Files\iPod
2007-11-13 17:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-13 17:26 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:11 --------- d-----w C:\Documents and Settings\Damien\Application Data\OD2
2007-11-11 21:38 --------- d-----w C:\Program Files\MSBuild
2007-11-11 21:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-11 21:37 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-11 21:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
2007-11-09 02:10 --------- d-----w C:\Program Files\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
C:\WINDOWS\system32\jkkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ebcf71-757b-4ed1-939e-61fc94439bf5}]
C:\WINDOWS\system32\wqerptum.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"DAEMON Tools-1033"="D:\Program Files\dm\daemon.exe" [2004-08-22 17:05]
"20bfbf54"="C:\WINDOWS\system32\lmradmrq.dll" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
\Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 13:42:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ndaTqsVqrX.dll
.
Completion time: 2007-12-24 13:43:28 - machine was rebooted [Damien]
.
2007-12-12 08:29:17 --- E O F ---
ComboFix 07-12-21.4 - Damien 2007-12-24 13:39:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
Running from: D:\Mes Documents\Firefox dL\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\gpijwfuv
C:\Program Files\gpijwfuv\ivmzupyv.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
C:\WINDOWS\PerfInfo\1voIp469zJud.exe
C:\WINDOWS\system32\gjisfclw
C:\WINDOWS\system32\gjisfclw\bg1.gif
C:\WINDOWS\system32\gjisfclw\bgtop.gif
C:\WINDOWS\system32\gjisfclw\bottom1.gif
C:\WINDOWS\system32\gjisfclw\essentials.gif
C:\WINDOWS\system32\gjisfclw\gjisfclw1.exe
C:\WINDOWS\system32\gjisfclw\gjisfclw2.exe
C:\WINDOWS\system32\gjisfclw\gjisfclw3.exe
C:\WINDOWS\system32\gjisfclw\icon1.ico
C:\WINDOWS\system32\gjisfclw\install1.gif
C:\WINDOWS\system32\gjisfclw\left1.gif
C:\WINDOWS\system32\gjisfclw\li.gif
C:\WINDOWS\system32\gjisfclw\logo.gif
C:\WINDOWS\system32\gjisfclw\main.htm
C:\WINDOWS\system32\gjisfclw\mainframe.htm
C:\WINDOWS\system32\gjisfclw\reinstall1.gif
C:\WINDOWS\system32\gjisfclw\right1.gif
C:\WINDOWS\system32\gjisfclw\s1.htm
C:\WINDOWS\system32\gjisfclw\s2.htm
C:\WINDOWS\system32\gjisfclw\s3.htm
C:\WINDOWS\system32\gjisfclw\SMTop1.gif
C:\WINDOWS\system32\gjisfclw\SMTop2.gif
C:\WINDOWS\system32\gjisfclw\SMTop3.gif
C:\WINDOWS\system32\gjisfclw\SMTop4.gif
C:\WINDOWS\system32\gjisfclw\soft1_off.gif
C:\WINDOWS\system32\gjisfclw\soft1_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft1_on.gif
C:\WINDOWS\system32\gjisfclw\soft1_on_ext.gif
C:\WINDOWS\system32\gjisfclw\soft2_off.gif
C:\WINDOWS\system32\gjisfclw\soft2_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft2_on.gif
C:\WINDOWS\system32\gjisfclw\soft2_on_ext.gif
C:\WINDOWS\system32\gjisfclw\soft3_off.gif
C:\WINDOWS\system32\gjisfclw\soft3_off_ext.gif
C:\WINDOWS\system32\gjisfclw\soft3_on.gif
C:\WINDOWS\system32\gjisfclw\soft3_on_ext.gif
C:\WINDOWS\system32\gjisfclw\softbottom_off.gif
C:\WINDOWS\system32\gjisfclw\softbottom_on.gif
C:\WINDOWS\system32\gjisfclw\softleft_off.gif
C:\WINDOWS\system32\gjisfclw\softleft_on.gif
C:\WINDOWS\system32\gjisfclw\top1.gif
C:\WINDOWS\system32\gjisfclw\top2.gif
C:\WINDOWS\system32\gjisfclw\turnoff1.gif
C:\WINDOWS\system32\gjisfclw\turnon1.gif
C:\WINDOWS\system32\skjlrsjp
C:\WINDOWS\system32\skjlrsjp\bg1.gif
C:\WINDOWS\system32\skjlrsjp\bgtop.gif
C:\WINDOWS\system32\skjlrsjp\bottom1.gif
C:\WINDOWS\system32\skjlrsjp\essentials.gif
C:\WINDOWS\system32\skjlrsjp\icon1.ico
C:\WINDOWS\system32\skjlrsjp\install1.gif
C:\WINDOWS\system32\skjlrsjp\left1.gif
C:\WINDOWS\system32\skjlrsjp\li.gif
C:\WINDOWS\system32\skjlrsjp\logo.gif
C:\WINDOWS\system32\skjlrsjp\main.htm
C:\WINDOWS\system32\skjlrsjp\mainframe.htm
C:\WINDOWS\system32\skjlrsjp\reinstall1.gif
C:\WINDOWS\system32\skjlrsjp\right1.gif
C:\WINDOWS\system32\skjlrsjp\s1.htm
C:\WINDOWS\system32\skjlrsjp\s2.htm
C:\WINDOWS\system32\skjlrsjp\s3.htm
C:\WINDOWS\system32\skjlrsjp\skjlrsjp1.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp3.exe
C:\WINDOWS\system32\skjlrsjp\SMTop1.gif
C:\WINDOWS\system32\skjlrsjp\SMTop2.gif
C:\WINDOWS\system32\skjlrsjp\SMTop3.gif
C:\WINDOWS\system32\skjlrsjp\SMTop4.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_off.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_on.gif
C:\WINDOWS\system32\skjlrsjp\softleft_off.gif
C:\WINDOWS\system32\skjlrsjp\softleft_on.gif
C:\WINDOWS\system32\skjlrsjp\top1.gif
C:\WINDOWS\system32\skjlrsjp\top2.gif
C:\WINDOWS\system32\skjlrsjp\turnoff1.gif
C:\WINDOWS\system32\skjlrsjp\turnon1.gif
C:\WINDOWS\system32\tewcxjku.dll
C:\WINDOWS\system32\yhlmwxce.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
.
2007-12-24 13:42 . 2007-12-24 13:42 <REP> d-------- C:\WINDOWS\PerfInfo
2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
2007-12-23 17:34 . 2007-12-24 10:05 843,490 ---hs---- C:\WINDOWS\system32\qrmdarml.ini
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-23 16:24 . 2007-12-23 16:24 208,896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-22 17:38 . 2007-12-23 16:50 843,370 ---hs---- C:\WINDOWS\system32\thqkdgdj.ini
2007-12-21 17:30 . 2007-12-22 17:32 868,962 ---hs---- C:\WINDOWS\system32\ltbhpomy.ini
2007-12-20 09:01 . 2007-12-21 17:29 901,258 ---hs---- C:\WINDOWS\system32\jmfaskxa.ini
2007-12-19 00:01 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-19 00:01 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-19 00:00 . 2007-12-19 00:00 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-18 23:33 . 2007-12-20 08:56 874,123 ---hs---- C:\WINDOWS\system32\vjanoitp.ini
2007-12-17 22:03 . 2007-12-18 23:31 878,492 ---hs---- C:\WINDOWS\system32\stuedgbq.ini
2007-12-17 20:08 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-16 22:01 . 2007-12-17 22:01 862,716 ---hs---- C:\WINDOWS\system32\bxumriqk.ini
2007-12-16 21:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-13 23:05 . 2007-12-16 21:56 909,875 ---hs---- C:\WINDOWS\system32\pruligrr.ini
2007-12-12 23:03 . 2007-12-13 23:04 948,733 ---hs---- C:\WINDOWS\system32\vgkcyxti.ini
2007-12-11 23:01 . 2007-12-12 23:01 889,050 ---hs---- C:\WINDOWS\system32\thoyadhy.ini
2007-12-10 20:37 . 2007-12-11 22:56 991,324 ---hs---- C:\WINDOWS\system32\juhcaoss.ini
2007-12-09 20:42 . 2007-12-10 18:22 834,220 ---hs---- C:\WINDOWS\system32\motbaphw.ini
2007-12-09 12:21 . 2007-12-09 12:22 834,100 ---hs---- C:\WINDOWS\system32\owwifcbh.ini
2007-12-08 12:18 . 2007-12-08 12:19 834,760 ---hs---- C:\WINDOWS\system32\gnrvlpqx.ini
2007-12-07 08:09 . 2007-12-08 12:16 856,298 ---hs---- C:\WINDOWS\system32\noulongh.ini
2007-12-06 00:54 . 2007-12-07 07:55 833,175 ---hs---- C:\WINDOWS\system32\myssjfyr.ini
2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
2007-12-04 22:21 . 2007-12-04 22:22 153 --a------ C:\WINDOWS\wininit.ini
2007-12-04 21:23 . 2007-12-06 00:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-04 18:30 . 2007-12-06 00:40 807,588 ---hs---- C:\WINDOWS\system32\iclgydkk.ini
2007-12-03 18:30 . 2007-12-04 17:26 792,829 ---hs---- C:\WINDOWS\system32\ywyfhblj.ini
2007-12-02 22:59 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-02 22:59 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-02 22:59 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-02 22:58 . 2007-12-02 22:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-02 22:56 . 2007-12-02 22:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-02 18:34 . 2007-12-02 18:34 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-02 13:54 . 2007-12-03 18:16 792,649 ---hs---- C:\WINDOWS\system32\qfceeobd.ini
2007-12-01 16:24 . 2007-12-01 16:24 <REP> d-------- C:\Documents and Settings\Damien\Application Data\Microsoft Games
2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Qlhufzpo
2007-11-25 20:42 . 2007-11-25 20:44 <REP> d-------- C:\Documents and Settings\Damien\Application Data\SopCast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 21:01 --------- d-----w C:\Documents and Settings\Damien\Application Data\LimeWire
2007-12-16 20:59 --------- d-----w C:\Program Files\Java
2007-12-12 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 11:21 --------- d-----w C:\Documents and Settings\Damien\Application Data\Azureus
2007-12-01 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 15:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:07 22,328 ----a-w C:\Documents and Settings\Damien\Application Data\PnkBstrK.sys
2007-11-21 21:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-21 21:44 --------- d--h--r C:\Documents and Settings\Damien\Application Data\SecuROM
2007-11-20 17:37 --------- d-----w C:\Program Files\Axon Data
2007-11-16 15:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Sonic
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Leadertech
2007-11-15 06:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 19:33 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-13 17:56 --------- d-----w C:\Documents and Settings\Damien\Application Data\CyberLink
2007-11-13 17:36 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 17:35 --------- d-----w C:\Documents and Settings\Damien\Application Data\vlc
2007-11-13 17:27 --------- d-----w C:\Documents and Settings\Damien\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Program Files\QuickTime
2007-11-13 17:26 --------- d-----w C:\Program Files\iPod
2007-11-13 17:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-13 17:26 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:11 --------- d-----w C:\Documents and Settings\Damien\Application Data\OD2
2007-11-11 21:38 --------- d-----w C:\Program Files\MSBuild
2007-11-11 21:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-11 21:37 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-11 21:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
2007-11-09 02:10 --------- d-----w C:\Program Files\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
C:\WINDOWS\system32\jkkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ebcf71-757b-4ed1-939e-61fc94439bf5}]
C:\WINDOWS\system32\wqerptum.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
"DAEMON Tools-1033"="D:\Program Files\dm\daemon.exe" [2004-08-22 17:05]
"20bfbf54"="C:\WINDOWS\system32\lmradmrq.dll" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
\Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 13:42:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ndaTqsVqrX.dll
.
Completion time: 2007-12-24 13:43:28 - machine was rebooted [Damien]
.
2007-12-12 08:29:17 --- E O F ---
By the way, since VundoFix, I get this error message when the PC starts up:
http://img176.imageshack.us/my.php?image=sanstitremb0.p...
We'll fix that:
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:
Folder::
C:\WINDOWS\PerfInfo
C:\WINDOWS\ppqvmpqr
C:\Program Files\Hvmqsqsc
C:\Program Files\Qlhufzpo
File::
C:\WINDOWS\system32\qrmdarml.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\thqkdgdj.ini
C:\WINDOWS\system32\ltbhpomy.ini
C:\WINDOWS\system32\jmfaskxa.ini
C:\WINDOWS\system32\vjanoitp.ini
C:\WINDOWS\system32\stuedgbq.ini
C:\WINDOWS\system32\bxumriqk.ini
C:\WINDOWS\system32\pruligrr.ini
C:\WINDOWS\system32\vgkcyxti.ini
C:\WINDOWS\system32\thoyadhy.ini
C:\WINDOWS\system32\juhcaoss.ini
C:\WINDOWS\system32\motbaphw.ini
C:\WINDOWS\system32\owwifcbh.ini
C:\WINDOWS\system32\gnrvlpqx.ini
C:\WINDOWS\system32\noulongh.ini
C:\WINDOWS\system32\myssjfyr.ini
C:\WINDOWS\system32\iclgydkk.ini
C:\WINDOWS\system32\ywyfhblj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qfceeobd.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\wqerptum.dll
C:\WINDOWS\system32\lmradmrq.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ebcf71-757b-4ed1-939e-61fc94439bf5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"20bfbf54"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no restart, post the requested reports anyway.
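An added example in Python (not from this thread and not ComboFix's own code): it parses a CFScript into its Folder::/File::/Registry:: sections, checks that each line has one of the shapes used in the script above, and compares the requested deletions with the paths ComboFix lists under its "Autres suppressions" banner in the resulting report, so you can see which requested removals the report does not confirm. The section names and line shapes are those of the script above; the validation rules, the banner matching and the sample inputs are this example's own assumptions, constructed from values posted in this thread.

```python
import re
from typing import Dict, List, Set

# A CFScript is a sequence of 'Name::' sections; the line shapes below are taken from
# the script posted above, the checks applied to them are this example's own assumptions.
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")   # [-KEY]   deletes a key
KEY_SELECT_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")    # [KEY]    selects a key
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')            # "name"=- deletes a value
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its sections, keeping entry order."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def validate(sections: Dict[str, List[str]]) -> List[str]:
    """Return the problems found; an empty list means the script looks well-formed."""
    problems: List[str] = []
    for name in ("Folder", "File"):
        for entry in sections.get(name, []):
            if not WIN_PATH_RE.match(entry):
                problems.append(f"{name}:: entry is not an absolute path: {entry}")
    selected = None  # key that a following "name"=- line applies to
    for entry in sections.get("Registry", []):
        if KEY_DELETE_RE.match(entry):
            selected = None
        elif KEY_SELECT_RE.match(entry):
            selected = entry
        elif VALUE_DELETE_RE.match(entry):
            if selected is None:
                problems.append(f"Registry:: value deletion outside any key: {entry}")
        else:
            problems.append(f"Registry:: unrecognised line: {entry}")
    return problems

def deleted_paths_from_report(report: str) -> Set[str]:
    """Collect the paths ComboFix lists under its 'Autres suppressions' banner."""
    deleted: Set[str] = set()
    in_deletions = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("((((") and line.endswith("))))"):   # section banner
            in_deletions = "Autres suppressions" in line
        elif in_deletions and WIN_PATH_RE.match(line):
            deleted.add(line.lower())  # NTFS paths compare case-insensitively
    return deleted

def unconfirmed_deletions(sections: Dict[str, List[str]], report: str) -> List[str]:
    """Requested File::/Folder:: entries absent from the report's deletion list."""
    deleted = deleted_paths_from_report(report)
    requested = sections.get("File", []) + sections.get("Folder", [])
    return [p for p in requested if p.lower() not in deleted]

# Constructed sample inputs, trimmed from the script and report posted in this thread.
CFSCRIPT = r"""
Folder::
C:\WINDOWS\PerfInfo
File::
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\jkkji.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0C18BA-DD63-4347-A683-E1DA1AA72DBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"20bfbf54"=-
"""
REPORT = r"""
ComboFix 07-12-21.4 - Damien 2007-12-24 17:03:57.2 - NTFSx86
.
(((((((((((((((((( Autres suppressions ))))))))))))))))))
.
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
C:\WINDOWS\system32\ndaTqsVqrX.dll
.
(((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))
.
2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
"""

if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print("problems:", validate(parsed) or "none")
    print("not confirmed deleted:", unconfirmed_deletions(parsed, REPORT))
```

Run against a real CFScript.txt and ComboFix.txt, the last function lists the entries to look for by hand in the report (a file that ComboFix could not delete is the usual reason they are missing).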
So, there was no restart!
Combofix:
ComboFix 07-12-21.4 - Damien 2007-12-24 17:03:57.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.608 [GMT 1:00]
Running from: D:\Mes Documents\Firefox dL\ComboFix.exe
Command switches used :: C:\Documents and Settings\Damien\Mes documents\CFScript.txt..txt
* Created a new restore point
FILE
C:\WINDOWS\system32\bxumriqk.ini
C:\WINDOWS\system32\gnrvlpqx.ini
C:\WINDOWS\system32\iclgydkk.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jmfaskxa.ini
C:\WINDOWS\system32\juhcaoss.ini
C:\WINDOWS\system32\lmradmrq.dll
C:\WINDOWS\system32\ltbhpomy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\motbaphw.ini
C:\WINDOWS\system32\myssjfyr.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\noulongh.ini
C:\WINDOWS\system32\owwifcbh.ini
C:\WINDOWS\system32\pruligrr.ini
C:\WINDOWS\system32\qfceeobd.ini
C:\WINDOWS\system32\qrmdarml.ini
C:\WINDOWS\system32\stuedgbq.ini
C:\WINDOWS\system32\thoyadhy.ini
C:\WINDOWS\system32\thqkdgdj.ini
C:\WINDOWS\system32\vgkcyxti.ini
C:\WINDOWS\system32\vjanoitp.ini
C:\WINDOWS\system32\wqerptum.dll
C:\WINDOWS\system32\ywyfhblj.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\1voIp469zJuc.exe
C:\WINDOWS\PerfInfo\1voIp469zJud.exe
C:\WINDOWS\system32\bxumriqk.ini
C:\WINDOWS\system32\gnrvlpqx.ini
C:\WINDOWS\system32\iclgydkk.ini
C:\WINDOWS\system32\jmfaskxa.ini
C:\WINDOWS\system32\juhcaoss.ini
C:\WINDOWS\system32\ltbhpomy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\motbaphw.ini
C:\WINDOWS\system32\myssjfyr.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\noulongh.ini
C:\WINDOWS\system32\owwifcbh.ini
C:\WINDOWS\system32\pruligrr.ini
C:\WINDOWS\system32\qfceeobd.ini
C:\WINDOWS\system32\qrmdarml.ini
C:\WINDOWS\system32\stuedgbq.ini
C:\WINDOWS\system32\thoyadhy.ini
C:\WINDOWS\system32\thqkdgdj.ini
C:\WINDOWS\system32\vgkcyxti.ini
C:\WINDOWS\system32\vjanoitp.ini
C:\WINDOWS\system32\ywyfhblj.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
.
2007-12-24 12:57 . 2007-12-24 13:12 <REP> d-------- C:\VundoFix Backups
2007-12-23 16:24 . 2007-12-23 16:24 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-19 00:00 . 2007-12-19 00:00 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-17 20:08 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-16 21:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-06 00:40 . 2007-12-06 00:41 <REP> d-------- C:\Program Files\Hvmqsqsc
2007-12-04 22:21 . 2007-12-04 22:22 153 --a------ C:\WINDOWS\wininit.ini
2007-12-04 21:23 . 2007-12-06 00:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 20:31 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-02 22:59 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-02 22:59 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-02 22:59 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-02 22:58 . 2007-12-02 22:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-02 22:56 . 2007-12-02 22:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-01 16:24 . 2007-12-01 16:24 <REP> d-------- C:\Documents and Settings\Damien\Application Data\Microsoft Games
2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Qlhufzpo
2007-11-25 20:42 . 2007-11-25 20:44 <REP> d-------- C:\Documents and Settings\Damien\Application Data\SopCast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 21:01 --------- d-----w C:\Documents and Settings\Damien\Application Data\LimeWire
2007-12-16 20:59 --------- d-----w C:\Program Files\Java
2007-12-12 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 11:21 --------- d-----w C:\Documents and Settings\Damien\Application Data\Azureus
2007-12-01 12:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 15:07 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-22 15:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 15:07 22,328 ----a-w C:\Documents and Settings\Damien\Application Data\PnkBstrK.sys
2007-11-22 15:07 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-21 21:51 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-21 21:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-21 21:44 --------- d--h--r C:\Documents and Settings\Damien\Application Data\SecuROM
2007-11-20 17:37 --------- d-----w C:\Program Files\Axon Data
2007-11-16 15:13 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Sonic
2007-11-16 15:13 --------- d-----w C:\Documents and Settings\Damien\Application Data\Leadertech
2007-11-15 06:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 19:33 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-13 17:56 --------- d-----w C:\Documents and Settings\Damien\Application Data\CyberLink
2007-11-13 17:36 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 17:35 --------- d-----w C:\Documents and Settings\Damien\Application Data\vlc
2007-11-13 17:27 --------- d-----w C:\Documents and Settings\Damien\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Program Files\QuickTime
2007-11-13 17:26 --------- d-----w C:\Program Files\iPod
2007-11-13 17:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-13 17:26 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:11 --------- d-----w C:\Documents and Settings\Damien\Application Data\OD2
2007-11-11 21:38 --------- d-----w C:\Program Files\MSBuild
2007-11-11 21:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-11 21:37 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-11 21:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
2007-11-09 02:10 --------- d-----w C:\Program Files\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-24_13.42.59.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 12:59:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
\Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 17:05:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-24 17:05:50
C:\ComboFix2.txt ... 2007-12-24 13:43
.
2007-12-12 08:29:17 --- E O F ---
HiJackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:19, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\Program Files\WinRar\WinRAR.exe
C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7182 bytes
2007-11-11 17:46 --------- d-----w C:\Documents and Settings\Damien\Application Data\AdobeUM
2007-11-09 02:16 --------- d-----w C:\Program Files\AOL 9.0
2007-11-09 02:13 --------- d-----w C:\Program Files\Services en ligne
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2007-11-09 02:12 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-11-09 02:11 --------- d-----w C:\Program Files\AOL Compagnon
2007-11-09 02:10 --------- d-----w C:\Program Files\Windows Media Components
2007-11-09 02:10 --------- d-----w C:\Program Files\Viewpoint
2007-11-09 02:10 --------- d-----w C:\Program Files\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Sonic
2007-11-09 02:10 --------- d-----w C:\Program Files\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Norman
2007-11-09 02:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-09 02:10 --------- d-----w C:\Program Files\Learn2.com
2007-11-09 02:10 --------- d-----w C:\Program Files\GMixon
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-09 02:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-09 02:10 --------- d-----w C:\Program Files\CyberLink
2007-11-09 02:10 --------- d-----w C:\Program Files\AMD
2007-11-08 20:23 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-08 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-08 17:52 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-08 17:26 --------- d-----w C:\Documents and Settings\Damien\Application Data\Talkback
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-24_13.42.59.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-24 12:59:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"avast!"="D:\PROGRA~1\Avast\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
R3 STCWL;Sitecom 802.11g WL-140/141 Driver;C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2005-03-01 18:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306816fb-9455-11dc-94a5-00038a000015}]
\Shell\AutoRun\command - J:\Launcher\LAUNCHER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aba5157d-9771-11dc-94b4-000cf6146574}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4898c46-98f3-11dc-94b9-00038a000015}]
\Shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - J:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 20:22:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 17:21:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 17:05:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-24 17:05:50
C:\ComboFix2.txt ... 2007-12-24 13:43
.
2007-12-12 08:29:17 --- E O F ---
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:19, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Avast\aswUpdSv.exe
D:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
D:\PROGRA~1\Avast\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
D:\Program Files\WinRar\WinRAR.exe
C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Avast\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7182 bytes
Is it better already?
Uninstall Avast! properly and replace it with AntiVir.
Why change? Avast! vs AntiVir
Run a full scan, then post the report once the analysis is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
AntiVir report:
AntiVir PersonalEdition Classic
Report file date: lundi 24 décembre 2007 17:40
Scanning for 991527 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: 104691570313
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:39:14
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 16:39:14
ANTIVIR3.VDF : 7.0.1.151 271872 Bytes 24/12/2007 16:39:14
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 24/12/2007 16:39:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 24/12/2007 16:39:14
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\antivir\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 24 décembre 2007 17:40
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '30' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e1e235.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeddc1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47e1e23a.qua'!
C:\qoobox\Quarantine\C\Program Files\gpijwfuv\ivmzupyv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47dce337.qua'!
C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.bak.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47dfe326.qua'!
C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47dfe328.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gjisfclw\gjisfclw2.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47d8e331.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47d9e334.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP38\A0006088.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP42\A0006805.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006990.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006991.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0006992.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP43\A0007088.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0007287.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP46\A0007616.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP46\A0007684.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP47\A0007689.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP47\A0007782.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP48\A0007884.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP48\A0008957.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP49\A0009190.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0001216.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP50\A0009222.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP51\A0010237.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP52\A0010268.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP54\A0010419.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP55\A0011771.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP56\A0011898.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013080.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013157.dll
[DETECTION] Is the Trojan horse TR/BHO.aby
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013161.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013167.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013168.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013169.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013173.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013175.dll
[DETECTION] Is the Trojan horse TR/Virtumonde.C
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013182.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013185.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013186.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP57\A0013198.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013240.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013242.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013245.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP58\A0013250.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\csyttcfl.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.aby
[INFO] The file was deleted!
C:\VundoFix Backups\efcawxw.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\jkkji.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\jsgmnqpt.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\khfcyxv.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
[INFO] The file was deleted!
C:\VundoFix Backups\lmradmrq.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\ocxjsbkf.dll.bad
[DETECTION] Is the Trojan horse TR/Virtumonde.C
[INFO] The file was deleted!
C:\VundoFix Backups\uvmwjupl.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\wqerptum.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\wvutrss.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fnw.3
[INFO] The file was deleted!
C:\VundoFix Backups\xqplvrng.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Disque Damien>
End of the scan: lundi 24 décembre 2007 18:14
Used time: 34:15 min
The scan has been done completely.
8055 Scanning directories
290889 Files were scanned
52 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
47 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
290837 Files not concerned
7070 Archives were scanned
4 Warnings
0 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:26, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla\firefox.exe
D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WinRar\WinRAR.exe
C:\DOCUME~1\Damien\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7266 bytes
Re,
We are going to try something:
Fix the line in the box below with Hijackthis: ILLUSTRATED HELP
O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
Have a good Christmas Eve
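As an added example (not part of the thread and not HijackThis's own logic), the following Python script parses O4 autostart lines such as the one the helper asks to fix and flags the policy-driven rundll32 entry. The sample lines are copied from the HijackThis report posted above; the module allowlist and the vowel-ratio name heuristic are assumptions of this example.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example for this thread; not code from HijackThis or any vendor.
The sample lines are copied from the report posted above; the allowlist and
the name heuristic are assumptions that would need tuning per environment.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Registry-backed entries:  O4 - HKLM\..\Run: [ValueName] command line
REG_O4 = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Startup-folder entries:   O4 - Global Startup: shortcut.lnk = C:\path\program.exe
STARTUP_O4 = re.compile(r"^O4 - (?P<location>Global Startup|Startup): (?P<name>.+?) = (?P<command>.+)$")
# rundll32 "C:\path\module.dll",Export   or   rundll32.exe module.cpl,,Export
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<module>[^",]+)"?,+(?P<export>\S+)', re.IGNORECASE)

# Assumed allowlist of rundll32 modules that legitimately autostart on this
# Windows XP box; bthprops.cpl is the Bluetooth agent from the thread's log.
KNOWN_RUNDLL_MODULES = {"bthprops.cpl"}


@dataclass
class O4Entry:
    location: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_o4(lines):
    """Return the O4 entries found in an iterable of HijackThis log lines."""
    entries = []
    for raw in lines:
        m = REG_O4.match(raw.strip()) or STARTUP_O4.match(raw.strip())
        if m:
            entries.append(O4Entry(m.group("location"), m.group("name"), m.group("command")))
    return entries


def vowel_ratio(s: str) -> float:
    """Share of letters that are vowels; generated names such as ndaTqsVqrX score low."""
    letters = [c for c in s if c.isalpha()]
    return sum(c.lower() in "aeiouy" for c in letters) / len(letters) if letters else 0.0


def assess(entry: O4Entry, known_modules=KNOWN_RUNDLL_MODULES) -> O4Entry:
    """Attach a reason for every heuristic the entry trips."""
    loc = entry.location.lower()
    # 1. Policy autorun keys are rarely populated by ordinary software but are
    #    a known home for Vundo-family remnants, as in the line fixed in the thread.
    if loc.endswith("policies\\explorer\\run"):
        entry.reasons.append("autostart under Policies\\Explorer\\Run")
    m = RUNDLL_RE.search(entry.command)
    if m:
        module = m.group("module").strip().replace("/", "\\").split("\\")[-1].lower()
        # 2. rundll32 itself is a legitimate host; what matters is the module it loads.
        if module not in known_modules:
            entry.reasons.append(f"rundll32 loads unrecognised module {module}")
            # 3. Supporting signal only: randomly generated file names have few vowels.
            stem = module.rsplit(".", 1)[0]
            if len(stem) >= 8 and vowel_ratio(stem) < 0.2:
                entry.reasons.append(f"module name {stem!r} looks randomly generated")
    return entry


def triage(lines, known_modules=KNOWN_RUNDLL_MODULES) -> List[O4Entry]:
    """Parse the log and return only entries that tripped at least one heuristic."""
    return [e for e in (assess(e, known_modules) for e in parse_o4(lines)) if e.suspicious]


# Constructed sample: O4 lines copied from the HijackThis report posted above.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKLM\..\Policies\Explorer\Run: [1voIp469zJ] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer',
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Global Startup: Sitecom WLAN Client Utility.lnk = D:\Program Files\Wifi\WLANUTL.exe",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.name}] {e.location}")
        for r in e.reasons:
            print("   -", r)
```

Treat a hit as a triage aid only: the module should still be examined on disk before the entry is fixed, and a clean box will need its own allowlist.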
Download ToolsCleaner to your Desktop.
Click on Recherche (Search) and let the scan finish.
Click on Suppression (Delete) to finalize.
Click on Quitter (Quit) so that the report can be created.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)
Disable and then re-enable System Restore: See help
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" button
* Add the mention [Résolu] to the title
* Then click "Valider votre message"
Read the guide on prevention and protection, so you no longer have this kind of problem, by clicking the image below:
-->- Recherche:
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Damien\Local Settings\Temp\Rar$EX00.266\HijackThis.exe: trouvé !
C:\Documents and Settings\Damien\Recent\HijackThis.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Damien\Local Settings\Temp\Rar$EX00.266\HijackThis.exe: supprimé !
C:\Documents and Settings\Damien\Recent\HijackThis.lnk: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
Here is the ToolsCleaner report, above.
Really a big thank you and hats off, you rock Angel, thanks a lot.
Have a good Christmas Eve and all that...
Thanks again