
Unable to delete the trojan!! [SOLVED]


Hello,

I discovered a trojan thanks to Kaspersky at this location:

c:\windows\system32\cmcfg3.dll

It tells me this:

cheval de troie:
Trojan.Win32.BHO.agz

But it is impossible to delete it!! I tried in safe mode but that doesn't work, so I downloaded Unlocker, but nothing helps, it won't delete.

If you know how to do it? Thank you.



Here is the kill.cmd report:

C:\WINDOWS\system32\cmcfg3.dll - Trouve !

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:03, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
I:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7806 bytes

Hi again,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Here is the report:




    -----------------------------[ Lop S&D 2.0.2.b ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/01/2008 | 20:50:07,46 ] [ C156FA7ABCBB40A ]


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\avg7
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\Apple
    C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
    C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
    C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
    C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft

    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft

    C:\Documents and Settings\joe\APPLIC~1\Microsoft
    C:\Documents and Settings\joe\APPLIC~1\AVG7
    C:\Documents and Settings\joe\APPLIC~1\teamspeak2
    C:\Documents and Settings\joe\APPLIC~1\Apple Computer
    C:\Documents and Settings\joe\APPLIC~1\BitTorrent
    C:\Documents and Settings\joe\APPLIC~1\FrostWire
    C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
    C:\Documents and Settings\joe\APPLIC~1\Mozilla
    C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
    C:\Documents and Settings\joe\APPLIC~1\LimeWire
    C:\Documents and Settings\joe\APPLIC~1\Newsbin
    C:\Documents and Settings\joe\APPLIC~1\Ahead
    C:\Documents and Settings\joe\APPLIC~1\Nero
    C:\Documents and Settings\joe\APPLIC~1\Lavasoft
    C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
    C:\Documents and Settings\joe\APPLIC~1\WinRAR
    C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
    C:\Documents and Settings\joe\APPLIC~1\Macromedia
    C:\Documents and Settings\joe\APPLIC~1\desktop.ini
    C:\Documents and Settings\joe\APPLIC~1\Xentient
    C:\Documents and Settings\joe\APPLIC~1\Styler
    C:\Documents and Settings\joe\APPLIC~1\Identities

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
    C:\Documents and Settings\LocalService\APPLIC~1\AVG7

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
    C:\Documents and Settings\NetworkService\APPLIC~1\AVG7

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [31/12/2007 23:00][--ah-----]C:\WINDOWS\tasks\A9C0666D91C01AFD.job
    [01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\Ad-Aware
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Alwil Software
    C:\Program Files\AMD
    C:\Program Files\Apple Software Update
    C:\Program Files\AskSBar
    C:\Program Files\AusLogics Disk Defrag
    C:\Program Files\Avant Browser
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Program Files\Cener Development
    C:\Program Files\Circle Developement
    C:\Program Files\Compare It!
    C:\Program Files\ComPlus Applications
    C:\Program Files\Crux Calculator v5
    C:\Program Files\Everest
    C:\Program Files\Fichiers communs
    C:\Program Files\Foreignword
    C:\Program Files\FoxitReader
    C:\Program Files\FrostWire
    C:\Program Files\Grisoft
    C:\Program Files\Hercules
    C:\Program Files\IE Privacy Keeper
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\LimeWire
    C:\Program Files\Lop SD
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\microsoft frontpage
    C:\Program Files\movie maker
    C:\Program Files\msn gaming zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MSXML 6.0
    C:\Program Files\Nero
    C:\Program Files\Nero Portable 8.1.1.0
    C:\Program Files\netmeeting
    C:\Program Files\NewsBin
    C:\Program Files\Occtpt
    C:\Program Files\Outlook Express
    C:\Program Files\Paint.NET
    C:\Program Files\Participatory Culture Foundation
    C:\Program Files\PKR
    C:\Program Files\Prophet Soft
    C:\Program Files\QuickTime
    C:\Program Files\SAGEM
    C:\Program Files\Soft4Ever
    C:\Program Files\Spybot
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Styler
    C:\Program Files\Teamspeak2_RC2
    C:\Program Files\Trend Micro
    C:\Program Files\TweakRAM
    C:\Program Files\UberIcon
    C:\Program Files\Unlocker
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\windows nt
    C:\Program Files\Windows Sidebar
    C:\Program Files\WinRAR
    C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Apple
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\WINDOWS\Tasks\A9C0666D91C01AFD.job

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 20:51:02
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 20:51:07,65 ]----------------------

Hi again,

Run Lop S&D again

  • This time choose option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Here it is:


    -----------------------------[ Lop S&D 2.0.2.b ]---------------------------

    Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

    "C:\Program Files\Lop SD"

    [ 01/01/2008 | 21:58:20,54 ] [ C156FA7ABCBB40A ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\WINDOWS\Tasks\A9C0666D91C01AFD.job
    Supprimé! - C:\DOCUME~1\joe\LOCALS~1\Temp\bisB.exe

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab
    C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
    C:\Documents and Settings\All Users\APPLIC~1\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\APPLIC~1\Kaspersky Lab Setup Files
    C:\Documents and Settings\All Users\APPLIC~1\avg7
    C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
    C:\Documents and Settings\All Users\APPLIC~1\Apple
    C:\Documents and Settings\All Users\APPLIC~1\CenerTCPMessenger
    C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
    C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
    C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
    C:\Documents and Settings\All Users\APPLIC~1\WindowsLiveInstaller
    C:\Documents and Settings\All Users\APPLIC~1\WLInstaller
    C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
    C:\Documents and Settings\All Users\APPLIC~1\Microsoft

    C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
    C:\Documents and Settings\Default User\APPLIC~1\Microsoft

    C:\Documents and Settings\joe\APPLIC~1\Microsoft
    C:\Documents and Settings\joe\APPLIC~1\AVG7
    C:\Documents and Settings\joe\APPLIC~1\teamspeak2
    C:\Documents and Settings\joe\APPLIC~1\Apple Computer
    C:\Documents and Settings\joe\APPLIC~1\BitTorrent
    C:\Documents and Settings\joe\APPLIC~1\FrostWire
    C:\Documents and Settings\joe\APPLIC~1\Media Player Classic
    C:\Documents and Settings\joe\APPLIC~1\Mozilla
    C:\Documents and Settings\joe\APPLIC~1\Participatory Culture Foundation
    C:\Documents and Settings\joe\APPLIC~1\LimeWire
    C:\Documents and Settings\joe\APPLIC~1\Newsbin
    C:\Documents and Settings\joe\APPLIC~1\Ahead
    C:\Documents and Settings\joe\APPLIC~1\Nero
    C:\Documents and Settings\joe\APPLIC~1\Lavasoft
    C:\Documents and Settings\joe\APPLIC~1\UnH Solutions
    C:\Documents and Settings\joe\APPLIC~1\WinRAR
    C:\Documents and Settings\joe\APPLIC~1\Avant Profiles
    C:\Documents and Settings\joe\APPLIC~1\Macromedia
    C:\Documents and Settings\joe\APPLIC~1\desktop.ini
    C:\Documents and Settings\joe\APPLIC~1\Xentient
    C:\Documents and Settings\joe\APPLIC~1\Styler
    C:\Documents and Settings\joe\APPLIC~1\Identities

    C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
    C:\Documents and Settings\LocalService\APPLIC~1\AVG7

    C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
    C:\Documents and Settings\NetworkService\APPLIC~1\AVG7

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [01/01/2008 20:10][--ah-----]C:\WINDOWS\tasks\SA.DAT
    [28/08/2004 14:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    C:\Program Files\Ad-Aware
    C:\Program Files\Adssite Games Collection
    C:\Program Files\Alwil Software
    C:\Program Files\AMD
    C:\Program Files\Apple Software Update
    C:\Program Files\AskSBar
    C:\Program Files\AusLogics Disk Defrag
    C:\Program Files\Avant Browser
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Program Files\Cener Development
    C:\Program Files\Circle Developement
    C:\Program Files\Compare It!
    C:\Program Files\ComPlus Applications
    C:\Program Files\Crux Calculator v5
    C:\Program Files\Everest
    C:\Program Files\Fichiers communs
    C:\Program Files\Foreignword
    C:\Program Files\FoxitReader
    C:\Program Files\FrostWire
    C:\Program Files\Grisoft
    C:\Program Files\Hercules
    C:\Program Files\IE Privacy Keeper
    C:\Program Files\Internet Explorer
    C:\Program Files\iPod
    C:\Program Files\iTunes
    C:\Program Files\Java
    C:\Program Files\Kaspersky Lab
    C:\Program Files\K-Lite Codec Pack
    C:\Program Files\LimeWire
    C:\Program Files\Lop SD
    C:\Program Files\Messenger Plus! Live
    C:\Program Files\microsoft frontpage
    C:\Program Files\movie maker
    C:\Program Files\msn gaming zone
    C:\Program Files\MSN Messenger
    C:\Program Files\MSXML 4.0
    C:\Program Files\MSXML 6.0
    C:\Program Files\Nero
    C:\Program Files\Nero Portable 8.1.1.0
    C:\Program Files\netmeeting
    C:\Program Files\NewsBin
    C:\Program Files\Occtpt
    C:\Program Files\Outlook Express
    C:\Program Files\Paint.NET
    C:\Program Files\Participatory Culture Foundation
    C:\Program Files\PKR
    C:\Program Files\Prophet Soft
    C:\Program Files\QuickTime
    C:\Program Files\SAGEM
    C:\Program Files\Soft4Ever
    C:\Program Files\Spybot
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Styler
    C:\Program Files\Teamspeak2_RC2
    C:\Program Files\Trend Micro
    C:\Program Files\TweakRAM
    C:\Program Files\UberIcon
    C:\Program Files\Unlocker
    C:\Program Files\Windows Live
    C:\Program Files\Windows Media Connect 2
    C:\Program Files\Windows Media Player
    C:\Program Files\windows nt
    C:\Program Files\Windows Sidebar
    C:\Program Files\WinRAR
    C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    C:\Program Files\Fichiers communs\Ahead
    C:\Program Files\Fichiers communs\Apple
    C:\Program Files\Fichiers communs\InstallShield
    C:\Program Files\Fichiers communs\Java
    C:\Program Files\Fichiers communs\Logitech
    C:\Program Files\Fichiers communs\Microsoft Shared
    C:\Program Files\Fichiers communs\MSSoap
    C:\Program Files\Fichiers communs\ODBC
    C:\Program Files\Fichiers communs\Services
    C:\Program Files\Fichiers communs\SpeechEngines
    C:\Program Files\Fichiers communs\System

    ----------------------[ Recherche avec S_Lop ]---------------------


    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-01 21:59:20
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    --------------------[ Fin du rapport a 21:59:25,79 ]----------------------

Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:31, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [burn long] C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7774 bytes

Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:59, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7548 bytes

    Here it is:

    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Trouve !
    C:\WINDOWS\system32\cmcfg3.dll - Erreur de Suppression !

    Here it is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:57, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7441 bytes

    Hi again,

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select the path in the box below:

    C:\WINDOWS\system32\cmcfg3.dll

    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand box, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    ->Information about the software<-

    LoadLibrary failed for C:\WINDOWS\system32\cmcfg3.dll
    C:\WINDOWS\system32\cmcfg3.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\cmcfg3.dll scheduled to be moved on reboot.

    Created on 01/01/2008 23:21:57

    The trojan still has not been removed.

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:33:56, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7187 bytes

    Hi again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


    Here it is:

    ComboFix 08-01-02.1 - joe 2008-01-02 17:05:00.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1223 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nsl3D.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NWSAPAGENT
    -------\NwSapAgent


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 17:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 17:08 2,327,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 17:07 36,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 17:08 23,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 17:07 4,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
    2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-01 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\CenerTCPMessenger
    2007-11-30 23:58 --------- d-----w C:\Program Files\Java
    2007-11-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-30 23:38 --------- d-----w C:\Documents and Settings\joe\Application Data\Lavasoft
    2007-11-30 23:36 --------- d-----w C:\Program Files\Prophet Soft
    2007-11-30 23:32 --------- d-----w C:\Documents and Settings\joe\Application Data\UnH Solutions
    2007-11-30 23:10 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-30 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-30 22:53 --------- d-----w C:\Program Files\Hercules
    2007-11-30 22:32 --------- d-----w C:\Documents and Settings\joe\Application Data\Avant Profiles
    2007-11-30 22:01 --------- d-----w C:\Program Files\AMD
    2007-11-30 21:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-30 21:50 --------- d-----w C:\Program Files\SAGEM
    2007-11-30 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-30 21:07 --------- d-----w C:\Program Files\Styler
    2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Xentient
    2007-11-30 21:07 --------- d-----w C:\Documents and Settings\joe\Application Data\Styler
    2007-11-30 21:06 --------- d-----w C:\Program Files\MSXML 6.0
    2007-11-30 21:04 --------- d-----w C:\Program Files\Cener Development
    2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-30 20:47 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-30 20:42 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-30 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
    2007-11-30 20:41 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
    2007-11-30 20:41 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
    2007-11-30 20:41 --------- d-----w C:\Program Files\Nero
    2007-11-30 20:41 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-11-30 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-30 20:41 --------- d-----r C:\Program Files\Windows Sidebar
    2007-11-30 20:40 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-30 20:31 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-30 20:29 --------- d-----w C:\Program Files\Windows Media Connect 2
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
    2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    *Newly Created Service* - SENS
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 17:09:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 17:11:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 16:10:59

    I get the feeling you need another HijackThis report, so here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:21, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7081 bytes

    Hi again,

    Disable your resident protection (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\cmcfg3.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.

    Here is the Combofix report:

    ComboFix 08-01-02.1 - joe 2008-01-02 18:35:11.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1270 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\cmcfg3.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cmcfg3.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 18:38 2,490,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 18:37 38,588 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 18:38 26,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 18:37 4,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:59 . 19,456 C:\WINDOWS\system32\drivers\jrrgpkti.dat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
    + 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
    + 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
    + 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
    + 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
    + 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
    + 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
    + 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
    + 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
    + 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
    + 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
    + 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
    + 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
    + 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
    + 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
    + 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
    + 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
    - 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB2C9408-C7D6-42A2-8851-4D05FDC73CEB}]
    2004-08-28 14:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 kaftunru;kaftunru;C:\WINDOWS\system32\drivers\jrrgpkti.dat []
    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 18:38:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 18:40:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 17:40:41
    ComboFix2.txt 2008-01-02 16:11:09


    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:43, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AB2C9408-C7D6-42A2-8851-4D05FDC73CEB} - C:\WINDOWS\system32\cmcfg3.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 6957 bytes

    ComboFix 08-01-02.1 - joe 2008-01-02 20:50:33.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1205 [GMT 1:00]
    Running from: C:\Documents and Settings\joe\Bureau\outils virus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\joe\Bureau\outils virus\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\jrrgpkti.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\jrrgpkti.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_KAFTUNRU
    -------\kaftunru


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 17:32 . 2008-01-02 17:36 <REP> d-------- C:\Program Files\LcdStudio
    2008-01-02 17:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 15:30 . 2008-01-02 15:30 <REP> d-------- C:\Program Files\Echovoice
    2008-01-02 15:26 . 2008-01-02 15:26 <REP> d-------- C:\Program Files\MSBuild
    2008-01-02 15:22 . 2008-01-02 15:22 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-01-02 15:21 . 2008-01-02 15:21 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-01-02 15:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-01-02 15:20 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-01 23:39 . 2008-01-01 23:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2008-01-01 20:16 . 2008-01-01 21:59 <REP> d-------- C:\Program Files\Lop SD
    2007-12-31 19:45 . 2007-12-31 19:45 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-30 19:33 . 2007-12-30 19:33 <REP> d-------- C:\Program Files\Crux Calculator v5
    2007-12-30 19:07 . 2007-12-30 19:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-12-29 23:59 . 2007-12-30 00:09 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-29 23:59 . 2007-12-30 00:09 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-29 23:57 . 2007-12-29 23:57 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-29 23:57 . 2008-01-02 20:53 2,596,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-29 23:57 . 2008-01-02 20:52 40,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-29 23:57 . 2008-01-02 20:54 30,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-29 23:57 . 2008-01-02 20:52 4,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-12-29 23:48 . 2007-12-29 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-12-29 22:18 . 2007-12-29 22:18 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
    2007-12-29 21:35 . 2008-01-01 23:46 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2007-12-29 21:35 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2007-12-29 21:30 . 2007-12-29 21:30 <REP> d-------- C:\NVIDIA
    2007-12-29 19:50 . 2007-12-29 19:50 109 --a------ C:\WINDOWS\wininit.ini
    2007-12-29 19:11 . 2007-12-30 02:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-29 18:51 . 2007-12-29 18:51 24,973,198 --------- C:\AVG7QT.DAT
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 22:22 <REP> d-------- C:\Documents and Settings\joe\Application Data\AVG7
    2007-12-29 18:48 . 2007-12-29 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-12-29 15:51 . 2007-12-29 15:51 <REP> d-------- C:\Program Files\Circle Developement
    2007-12-28 23:55 . 2007-12-28 23:55 <REP> d-------- C:\Documents and Settings\joe\Application Data\teamspeak2
    2007-12-28 23:54 . 2007-12-28 23:55 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-12-28 23:54 . 2007-12-28 23:54 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2007-12-28 23:20 . 2007-12-28 23:20 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-12-28 22:49 . 2007-12-28 22:49 146 --a------ C:\WINDOWS\system32\del32.bat
    2007-12-26 17:57 . 2004-08-28 14:00 84,992 --a------ C:\WINDOWS\system32\cmcfg3.dll
    2007-12-26 17:56 . 2007-12-26 17:56 <REP> d-------- C:\Program Files\Adssite Games Collection
    2007-12-26 17:56 . 2007-12-26 17:56 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iTunes
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\iPod
    2007-12-20 21:41 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\joe\Application Data\Apple Computer
    2007-12-20 21:41 . 2007-12-29 04:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-20 21:41 . 2007-12-20 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Program Files\QuickTime
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-20 21:40 . 2007-12-20 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-20 21:40 . 2007-12-20 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-17 20:10 . 2007-12-17 20:10 209 --a------ C:\xmlin.ini
    2007-12-16 22:13 . 2007-12-16 22:13 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2007-12-16 22:10 . 2007-12-18 19:28 <REP> d-------- C:\Program Files\BitComet
    2007-12-16 21:47 . 2007-12-16 21:47 <REP> d-------- C:\Program Files\BitTorrent
    2007-12-16 21:47 . 2007-12-16 21:49 <REP> d-------- C:\Documents and Settings\joe\Application Data\BitTorrent
    2007-12-16 21:32 . 2007-12-16 21:32 <REP> d-------- C:\Program Files\Foreignword
    2007-12-16 21:32 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-12-16 20:59 . 2007-12-16 20:59 268 --ah----- C:\sqmdata00.sqm
    2007-12-16 20:59 . 2007-12-16 20:59 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-13 19:08 . 2007-12-23 13:44 <REP> d-------- C:\Program Files\PKR
    2007-12-11 22:27 . 2007-12-11 22:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Media Player Classic
    2007-12-11 22:26 . 2007-12-11 22:26 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-11 21:24 . 2007-12-11 21:24 <REP> d-------- C:\Poker
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-12-11 20:27 . 2007-12-11 20:27 <REP> d-------- C:\Documents and Settings\joe\Application Data\Participatory Culture Foundation
    2007-12-11 20:01 . 2007-12-28 22:54 <REP> d-------- C:\Downloads
    2007-12-11 18:40 . 2008-01-02 17:02 <REP> d-------- C:\Documents and Settings\joe\Shared
    2007-12-11 18:39 . 2007-12-13 19:11 <REP> d-------- C:\Documents and Settings\joe\Application Data\FrostWire
    2007-12-11 18:38 . 2007-12-11 18:39 <REP> d-------- C:\Program Files\FrostWire
    2007-12-11 18:22 . 2007-12-11 18:22 <REP> d-------- C:\Program Files\NewsBin
    2007-12-11 18:22 . 2007-12-11 18:28 <REP> d-------- C:\Documents and Settings\joe\Application Data\Newsbin
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 21:55 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-12-09 21:49 . 2007-12-09 21:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-09 21:49 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-09 21:49 . 2004-10-08 12:58 585,824 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
    2007-12-09 21:49 . 2004-10-08 13:00 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-09 21:49 . 1998-11-13 14:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-09 21:49 . 2004-10-08 12:56 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-09 21:49 . 2004-10-08 12:55 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-09 21:49 . 2004-10-08 12:52 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-09 21:49 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-09 21:49 . 2004-10-08 12:57 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-09 21:49 . 2004-10-08 11:52 6,812 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-09 21:49 . 2007-12-09 21:49 252 --a------ C:\WINDOWS\_delis32.ini
    2007-12-09 21:26 . 2007-12-09 21:26 <REP> d-------- C:\Documents and Settings\joe\Application Data\Ahead
    2007-12-04 21:46 . 2007-12-04 21:46 69 --a------ C:\WINDOWS\ggfirst.ini
    2007-12-04 21:39 . 2007-12-11 17:29 373,760 --a------ C:\WINDOWS\system32\Msn Attack 2007.exe
    2007-12-04 21:12 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-12-04 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-12-04 21:12 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-12-04 21:12 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-12-02 20:19 . 2007-12-24 23:23 <REP> d-------- C:\Program Files\Nero Portable 8.1.1.0
    2007-12-02 20:18 . 2007-12-02 20:18 <REP> d-------- C:\Documents and Settings\joe\Application Data\Nero
    2007-12-02 20:15 . 2007-12-02 20:15 <REP> d-------- C:\Program Files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 18:12 --------- d-----w C:\Program Files\Spybot
    2007-12-29 18:03 --------- d-----w C:\Program Files\Ad-Aware
    2007-12-29 14:51 --------- d-----w C:\Program Files\Windows Live
    2007-12-29 14:51 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 20:05 --------- d-----w C:\Program Files\Avant Browser
    2007-12-11 17:38 --------- d-----w C:\Program Files\LimeWire
    2007-12-11 17:35 --------- d-----w C:\Documents and Settings\joe\Application Data\LimeWire
    2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
    2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
    2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
    2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
    2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
    2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
    2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
    2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
    2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-12-05 00:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-12-05 00:41 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    2007-12-05 00:41 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-12-05 00:41 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll
    2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_17.10.33.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-02 17:06:47 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a5b56f4c7a2a5f16f5a9fbb2179f3d3c\ComSvcConfig.ni.exe
    + 2008-01-02 17:06:49 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\19c63aca789291b780e26aed783defac\Microsoft.Transactions.Bridge.ni.dll
    + 2008-01-02 17:06:50 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\422912646394eb73d7b4d2a731dadf53\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2008-01-02 17:07:23 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\a17aeb679d15d0e1c488a13f6e8bd8a8\PresentationBuildTasks.ni.dll
    + 2008-01-02 17:06:51 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\92a5e70978574364c83d1ef6e0a1923b\ServiceModelReg.ni.exe
    + 2008-01-02 17:06:51 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\82d28c1c7fb7ac615cffec84a8d5fd26\SMDiagnostics.ni.dll
    + 2008-01-02 17:06:52 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\0c3c39e29e410f9bf5dc8438d158bdf1\SMSvcHost.ni.exe
    + 2008-01-02 17:07:27 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\912475636fa22b7244eb929e249ca694\sysglobl.ni.dll
    + 2008-01-02 17:06:16 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\5c0a1be893eae7a8d517a7f76737fb7f\System.IdentityModel.Selectors.ni.dll
    + 2008-01-02 17:06:15 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\62acbb854a56e1211702aa1628560e2a\System.IdentityModel.ni.dll
    + 2008-01-02 17:06:17 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\2adc2ea418b06f4c74c67633f1593cb5\System.IO.Log.ni.dll
    + 2008-01-02 17:06:20 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b4565792948b8651d432aec5a1208f14\System.Runtime.Serialization.ni.dll
    + 2008-01-02 17:06:46 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b67d6aa655134e9dca4566650641ad92\System.ServiceModel.ni.dll
    + 2008-01-02 17:07:26 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\60703045570818429e9a76215958e06c\System.Speech.ni.dll
    + 2008-01-02 17:07:28 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\44d8b6fe933dbb1523b0bdd6a78aae40\UIAutomationClient.ni.dll
    + 2008-01-02 17:07:29 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41b141af40a582666de2bba411d69f08\UIAutomationClientsideProviders.ni.dll
    + 2008-01-02 17:07:32 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\20a7fd28518ebf02a2ff34ffd5262922\WindowsFormsIntegration.ni.dll
    + 2008-01-02 17:06:53 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\d11bc589ce335a1886b6e2c84a096856\WsatConfig.ni.exe
    - 2008-01-02 14:26:35 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-02 16:12:48 69,526 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-02 14:26:35 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-02 16:12:48 82,220 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-02 14:26:35 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-02 16:12:48 435,192 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-02 14:26:35 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-02 16:12:48 503,176 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="i:\program files\steam\steam.exe" [2007-12-30 20:58 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
    "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
    "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
    "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 1216512 C:\WINDOWS\mixer.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 22:52 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
    "nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
    "nltide_2"="regsvr32 /s /n /i:U shell32" []
    "nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burn long]
    C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
    C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\Data Bib.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-28 14:00 25088 --a------ C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
    C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-12-11 12:10 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Look 'n' Stop]
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2004-10-08 11:52 221184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    2006-05-03 11:48 307200 --a------ C:\Program Files\styler\Styler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]
    C:\WINDOWS\system32\transbar.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
    2002-08-14 17:26 819200 --a------ C:\Program Files\Foreignword\Xanadu\Xanadu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "burn long"=C:\DOCUME~1\joe\APPLIC~1\INSIDE~1\Default Owns Bolt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install

    R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
    R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
    R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-11 23:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-11 23:31]
    R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-11-30 21:41]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 15:46]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-11 23:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-11 23:31]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279e7e7c-9f85-11dc-8a91-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 20:54:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\UberIcon\UberIcon.dll
    -> C:\Windows\System32\VttHooks.dll
    .
    Completion time: 2008-01-02 20:55:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 19:55:40
    ComboFix2.txt 2008-01-02 17:40:45
    ComboFix3.txt 2008-01-02 16:11:09

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:56, on 02/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20627)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    I:\program files\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\verclsid.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Steam] "i:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 6896 bytes

    Good evening marechsand,
    Quote:
    help, I have the same problem too, should I redo all the steps above like that person did or not
    thanks

    Definitely not! This kind of procedure has to be followed closely; every case is different...
    Please create your own topic.

    PS: Angel, you can clean up and remove my post :D