Bonjour,

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Re,

Télécharge Lop S&D.exe sur ton Bureau.

• Double-clique dessus pour lancer l'installation
• Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
• Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
• Patiente jusqu'à la fin du scan
• Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Re,

Relance Lop S&D

• Choisis cette fois ci l'Option 2 (Suppression)
• Ne ferme pas la fenêtre lors de la suppression !
• Poste le rapport généré (C:\lopR.txt)

(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Surprise, j'ai réussi à avoir le Bureau après plusieurs essai
Merci et A+

Re
Et voilà le nouveau rapport de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:02, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.carrefour.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [3073c4d6] rundll32.exe "C:\WINDOWS\system32\hruccgma.dll",b
O4 - HKLM\..\Run: [BM3340f74a] Rundll32.exe "C:\WINDOWS\system32\iskwilnv.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Flag 1] C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 6571234203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 6571226250
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12116 bytes

Et voilà le rapport Combofix...



ComboFix 08-04-20.5 - Selçuk 2008-04-22 21:56:17.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.415 [GMT 2:00]
Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\amgccurh.ini
C:\WINDOWS\system32\hgNnmnmp.ini2
C:\WINDOWS\system32\hOWENqru.ini
C:\WINDOWS\system32\hOWENqru.ini2
C:\WINDOWS\system32\hruccgma.dll
C:\WINDOWS\system32\ilkUDJjl.ini
C:\WINDOWS\system32\ilkUDJjl.ini2
C:\WINDOWS\system32\IPprqqru.ini
C:\WINDOWS\system32\IPprqqru.ini2
C:\WINDOWS\system32\iskwilnv.dll
C:\WINDOWS\system32\jkhsxsrk.dll
C:\WINDOWS\system32\khfFUMCV.dll
C:\WINDOWS\system32\ssqRKbXP.dll
C:\WINDOWS\system32\VCMUFfhk.ini
C:\WINDOWS\system32\VCMUFfhk.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 21:52 . 2008-04-22 21:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-21 21:13 . 2008-04-22 14:24 1,541,209 ---hs---- C:\WINDOWS\system32\cmunpxnq.ini
2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-20 21:19 . 2008-04-21 21:09 766 ---hs---- C:\WINDOWS\system32\tlwjcafm.ini
2008-04-19 21:18 . 2008-04-20 21:19 586 ---hs---- C:\WINDOWS\system32\gjmjgooa.ini
2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 21:16 . 2008-04-19 21:16 354 ---hs---- C:\WINDOWS\system32\lubrtbdj.ini
2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Program Files\Nero
2008-04-11 22:06 . 2008-04-11 22:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-11 21:57 . 2008-04-11 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 21:41 . 2008-04-18 20:58 1,350 --a------ C:\WINDOWS\mozver.dat
2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-11 21:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-11 21:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Program Files\ScanSoft
2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-11 21:32 . 2008-04-11 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-11 21:32 . 2008-04-11 21:32 419 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-11 21:30 . 2008-04-11 21:30 <REP> d-------- C:\Program Files\ArcSoft
2008-04-11 21:30 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\Program Files\CanonBJ
2008-04-11 21:28 . 2008-04-11 21:28 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-11 21:28 . 2006-04-13 10:23 1,134,592 --a------ C:\WINDOWS\system32\CNCC510.DLL
2008-04-11 21:28 . 2006-04-23 22:00 161,792 --a------ C:\WINDOWS\system32\CNMLM85.DLL
2008-04-11 21:28 . 2006-04-13 12:11 135,168 --a------ C:\WINDOWS\system32\CNCL510.DLL
2008-04-11 21:28 . 2006-02-17 08:44 106,496 --a------ C:\WINDOWS\system32\cnco510.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 20:35 --------- d-----w C:\Program Files\CA
2008-04-11 20:13 --------- d-----w C:\Program Files\Java
2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
C:\WINDOWS\system32\urqqrpPI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
ssqRKbXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
C:\WINDOWS\system32\jpdwtphs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]
C:\WINDOWS\system32\sducpowk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun_PES2008.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 00:02:17 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:59:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsbl]
"ImagePath"="\??\C:\Program Files\AntivirusFirewall\Anti-Virus\fsbl3989.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSRW.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSAV32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\FSAW.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 22:01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 20:01:43

Pre-Run: 75,596,115,968 octets libres
Post-Run: 75,829,940,224 octets libres

333 --- E O F --- 2008-04-13 19:48:04

Le rapport MalwareByte's


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 672

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 119519
Temps écoulé: 23 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhsxsrk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfFUMCV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005946.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP43\A0005948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP53\A0007711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP53\A0007712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP63\A0011206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP64\A0013507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP64\A0013520.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Le scan Combofix


ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:10:15.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 2:00]
Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-21 21:13 . 2008-04-22 14:24 1,541,209 ---hs---- C:\WINDOWS\system32\cmunpxnq.ini
2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-20 21:19 . 2008-04-21 21:09 766 ---hs---- C:\WINDOWS\system32\tlwjcafm.ini
2008-04-19 21:18 . 2008-04-20 21:19 586 ---hs---- C:\WINDOWS\system32\gjmjgooa.ini
2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 21:16 . 2008-04-19 21:16 354 ---hs---- C:\WINDOWS\system32\lubrtbdj.ini
2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
2008-04-18 00:03 . 2008-04-18 12:58 1,529,129 ---hs---- C:\WINDOWS\system32\shptwdpj.ini
2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
2008-04-17 04:50 . 2008-04-17 23:48 1,529,361 ---hs---- C:\WINDOWS\system32\mlkcucwr.ini
2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 20:35 --------- d-----w C:\Program Files\CA
2008-04-11 20:13 --------- d-----w C:\Program Files\Java
2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8D1E047-C311-46FA-A0B6-4382407715ED}]
C:\WINDOWS\system32\urqqrpPI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Flag 1"="C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe" [2008-04-11 20:34 450560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRKbXP]
ssqRKbXP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3073c4d6]
C:\WINDOWS\system32\jpdwtphs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM3340f74a]
C:\WINDOWS\system32\sducpowk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun_PES2008.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 18:10:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 18:11:31
ComboFix-quarantined-files.txt 2008-04-23 16:11:22
ComboFix2.txt 2008-04-22 20:01:47

Pre-Run: 73,026,596,864 octets libres
Post-Run: 73,012,682,752 octets libres

297 --- E O F --- 2008-04-13 19:48:04

Le rapport Combofix
ps: je n'est pas eu à faire 1 puis valide, mais je pense que c'est bon

ComboFix 08-04-20.5 - Selçuk 2008-04-23 18:40:54.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.287 [GMT 2:00]
Endroit: C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Selçuk\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\gjmjgooa.ini
C:\WINDOWS\system32\lubrtbdj.ini
C:\WINDOWS\system32\mlkcucwr.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\tlwjcafm.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\0
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\dart grey.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\Soap Tool 64 Grim.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\uarczsyq.exe
C:\DOCUME~1\SELUK~1\APPLIC~1\ROADAB~1\wmaaimbold.exe
C:\WINDOWS\system32\cmunpxnq.ini
C:\WINDOWS\system32\gjmjgooa.ini
C:\WINDOWS\system32\lubrtbdj.ini
C:\WINDOWS\system32\mlkcucwr.ini
C:\WINDOWS\system32\shptwdpj.ini
C:\WINDOWS\system32\tlwjcafm.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

2008-04-23 14:35 . 2008-04-23 14:35 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Malwarebytes
2008-04-23 14:32 . 2008-04-23 14:37 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-23 14:32 . 2008-04-23 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 22:01 . 2008-04-22 22:01 <REP> d-------- C:\Documents and Settings\Selþuk
2008-04-22 18:11 . 2008-04-22 18:45 <REP> d-------- C:\Lop SD
2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iTunes
2008-04-22 13:14 . 2008-04-22 13:14 <REP> d-------- C:\Program Files\iPod
2008-04-22 13:13 . 2008-04-22 13:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-22 13:03 . 2008-04-22 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-21 21:52 . 2008-04-21 21:52 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nokia Multimedia Player
2008-04-21 21:52 . 2008-04-23 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:52 . 2008-04-21 21:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 21:33 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-21 15:51 . 2008-04-21 15:51 639,414 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-04-21 15:04 . 2008-04-21 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-21 15:03 . 2008-04-21 15:03 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-04-21 15:03 . 2008-04-21 15:03 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-21 14:55 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-21 14:54 . 2008-04-21 14:54 <REP> d-------- C:\ATI
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Tracker Checker 2
2008-04-21 00:58 . 2008-04-21 00:58 <REP> d-------- C:\Program Files\Torrents Open Registrations Checker
2008-04-19 02:49 . 2008-04-19 02:49 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-04-19 02:48 . 2008-04-19 02:48 <REP> d-------- C:\Program Files\DVDVideoSoft
2008-04-18 22:53 . 2008-04-18 22:53 <REP> d-------- C:\Program Files\Google
2008-04-18 22:16 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-18 22:16 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-18 22:16 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-18 22:16 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-18 22:15 . 2008-04-18 22:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-18 22:15 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-18 22:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-18 22:15 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-04-18 22:15 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-18 22:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-18 22:15 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-04-18 22:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-18 22:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-18 20:51 . 2008-04-18 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-18 19:56 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Datalayer
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 19:56 <REP> d-------- C:\Documents and Settings\Selçuk\Phone Browser
2008-04-18 15:18 . 2008-04-18 15:18 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\PC Suite
2008-04-18 15:17 . 2008-04-21 21:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-18 15:16 . 2008-04-21 21:34 <REP> d-------- C:\Program Files\Nokia
2008-04-17 23:52 . 2008-04-17 23:52 <REP> d-------- C:\Program Files\Lavasoft
2008-04-17 23:52 . 2008-04-17 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 23:48 . 2008-04-22 14:59 789 --a------ C:\WINDOWS\wininit.ini
2008-04-17 23:29 . 2008-04-22 21:53 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-17 23:29 . 2008-04-22 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 13:17 . 2008-04-18 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 12:39 . 2008-04-17 14:09 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\AdobeUM
2008-04-17 04:43 . 2008-04-22 21:15 109,111 --a------ C:\WINDOWS\BM3340f74a.xml
2008-04-16 19:27 . 2008-04-16 19:30 <REP> d-------- C:\TELL ME MORE NV DEMO
2008-04-16 19:21 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-16 19:21 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-16 19:21 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-04-16 19:21 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-16 19:20 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-04-16 19:20 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-04-16 19:20 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-04-16 19:20 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-04-16 19:20 . 2008-04-16 19:20 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-04-16 19:20 . 2008-04-16 19:20 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-04-16 16:23 . 2008-04-16 16:23 <REP> d-------- C:\Program Files\Amadis Software
2008-04-16 16:23 . 2006-11-07 11:22 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-16 16:23 . 2007-05-17 23:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-16 15:03 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Apple Computer
2008-04-16 03:28 . 2008-04-16 03:28 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
2008-04-15 21:53 . 2008-04-15 21:53 <REP> d-------- C:\Program Files\KONAMI
2008-04-14 21:01 . 2008-04-14 21:01 <REP> dr-h----- C:\Documents and Settings\Selçuk\Application Data\SecuROM
2008-04-14 21:01 . 2008-04-14 21:01 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-14 17:24 . 2008-04-14 17:24 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Media Player Classic
2008-04-14 15:18 . 2008-04-14 15:18 <REP> d-------- C:\Program Files\QuickTime
2008-04-14 15:18 . 2008-04-22 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 23:50 . 2008-04-17 17:20 <REP> d-------- C:\Program Files\Zards software
2008-04-13 22:12 . 2008-04-13 22:12 <REP> d-------- C:\Program Files\Alcohol Soft
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-13 03:01 . 2008-04-13 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 15:55 . 2008-04-12 15:55 <REP> d-------- C:\Program Files\TeamViewer3
2008-04-12 15:55 . 2008-04-12 16:04 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\TeamViewer
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 15:54 . 2008-04-12 15:54 <REP> d-------- C:\Documents and Settings\Selçuk\temp
2008-04-12 13:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 13:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Program Files\MuralPix
2008-04-12 11:19 . 2008-04-12 11:21 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\MuralPix
2008-04-12 11:19 . 2008-04-12 11:19 160 --a------ C:\WINDOWS\LearsyShare.dat
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Program Files\Auslogics
2008-04-12 11:03 . 2008-04-12 11:03 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Auslogics
2008-04-12 10:53 . 2008-04-12 10:53 <REP> d-------- C:\Program Files\inKline Global
2008-04-12 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-12 10:04 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-12 10:04 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-12 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-12 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-12 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-12 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-12 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-12 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-12 10:03 . 2008-04-12 10:04 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\WINDOWS\Sun
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-12 00:06 . 2008-04-12 00:06 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\SystemRequirementsLab
2008-04-11 23:37 . 2008-04-11 23:37 <REP> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-04-11 23:00 . 2008-04-21 22:43 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-11 22:42 . 2008-04-11 22:44 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\F-Secure
2008-04-11 22:41 . 2008-04-11 22:41 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\ispnews
2008-04-11 22:38 . 2008-04-11 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-11 22:38 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-11 22:38 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-11 22:33 . 2008-04-11 22:38 <REP> d-------- C:\Program Files\AntivirusFirewall
2008-04-11 22:33 . 2008-04-11 22:33 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-04-11 22:26 . 2008-04-11 22:40 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 22:22 . 2008-04-11 22:22 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\DAEMON Tools
2008-04-11 22:22 . 2008-04-11 22:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-11 22:09 . 2008-04-11 22:09 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-11 22:08 . 2008-04-11 22:08 <REP> d-------- C:\Documents and Settings\Selçuk\Application Data\Nero
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Program Files\Nero
2008-04-11 22:06 . 2008-04-11 22:07 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-11 22:06 . 2008-04-11 22:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-11 21:57 . 2008-04-11 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 21:41 . 2008-04-18 20:58 1,350 --a------ C:\WINDOWS\mozver.dat
2008-04-11 21:33 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 12:59 --------- d-----w C:\Program Files\ATI Technologies
2008-04-21 12:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 20:35 --------- d-----w C:\Program Files\CA
2008-04-11 20:13 --------- d-----w C:\Program Files\Java
2008-04-11 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 17:52 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-11 17:51 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-11 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_22.01.32.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 19:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:07:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 12:30 139264]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-04-26 05:09 994080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 03:51 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 16:51 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 10:29 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2008-04-11 22:33:33 32807]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-04-28 02:36 260896 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 17:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-04-11 22:37]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-04-11 22:47]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 11:03]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-04-18 05:32]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-06 12:16]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-06-13 11:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\autorun_PES2008.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 11:03:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 00:00:09 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 18:41:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 18:42:08
ComboFix-quarantined-files.txt 2008-04-23 16:42:03
ComboFix2.txt 2008-04-23 16:11:31
ComboFix3.txt 2008-04-22 20:01:47

Pre-Run: 72,978,587,648 octets libres
Post-Run: 72,958,029,824 octets libres

313 --- E O F --- 2008-04-13 19:48:04




Le rapport Hijachthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:34, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micros [...] 6571234203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 6571226250
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11928 bytes

Oui oui, on voit la différence entre avant et aprés.
Un grand merci à toi Angeldark, j'aurai jamais réussi sans ton aide.
Je vais refaire une analyse complète du pc et je te tient au courant, mais il ne doit plus rien resté. Je recevais plein de pub CID mais là plus rien.
Merci encore une fois et bravo.

Le rapport ToolsCleaner :


-->- Recherche:

C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Selçuk\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Selçuk\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Selçuk\Bureau\HJTInstall.exe: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Selçuk\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !




Merci à Toi Angeldark!!