Bonjour voila mes problems:
_mon pc redémarre tout seul tous les jours à 9h50!!!
_Internet Explorer m'empeche d'aller sur certains sites(qui sont tout à fait normaux ^^) qui en plus de cela plusieurs publicitées pour des jeux en ligne viennent s'ouvrir. En esperant grace à vous tout va redevenir normal.

Je vais poster mon rapport HijackThis.

Le voici:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:49, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - C:\WINDOWS\system32\ljJCuTmm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D083C3F4-4201-4765-B9B1-792C225AC410} - C:\WINDOWS\system32\mlJcAQiF.dll (file missing)
O2 - BHO: (no name) - {D1811913-FEB4-4342-A24A-763A2E79A3B1} - C:\WINDOWS\system32\rqRKEWMg.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\chef\svchost.exe
O4 - HKLM\..\Run: [c8d4de60] rundll32.exe "C:\WINDOWS\system32\stsvhhnf.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMcbe7edfc] Rundll32.exe "C:\WINDOWS\system32\ynqijnff.dll",s
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3815331382
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/ [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJCuTmm - ljJCuTmm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

voici le rapport:

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 854

13:32:37 14/06/2008
mbam-log-6-14-2008 (13-32-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 171913
Temps écoulé: 1 hour(s), 29 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 32
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ec085a8-9818-43b7-b975-ec7555eda4d2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a74c41c-0837-4fbe-ba50-621eb70f01ce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{25297614-1b76-4c2c-82c6-62738aa0e8f0} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37f89457-1208-4670-9245-58c62bd6d870} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{45477032-abd0-454d-9ce4-ea34c10322f8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69e34747-0b27-4b30-ae20-1023bf29e246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{79be5b3b-80b2-4b77-a042-efc90f6e0de7} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ebb34cf-1728-4136-a968-48f231dad1b4} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{88daa291-b413-4c46-b378-3be66f65369e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{936a2f4a-53f8-4d2f-92aa-2f9de889841c} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{afcc3fa7-82a9-42d5-a405-78711e97a5d6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc05a4a3-7b28-488f-ab02-6aaedb86accf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e80114aa-6653-4952-9e97-5f1dc63bee0f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9109a2a-432b-4add-a6fa-06ba22dcd2d9} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca3958a-8d38-4d14-8b81-ccd7f68a8a01} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8d4de60 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbe7edfc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\rdblgsbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbsglbdr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stsvhhnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnhhvsts.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565811.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565825.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565826.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565827.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566067.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566080.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566081.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566257.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567828.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567829.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567830.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567874.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567875.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567900.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567901.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567902.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568040.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568187.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568198.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569102.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569192.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569451.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569452.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569453.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569479.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569480.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569481.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569980.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569981.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570017.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570018.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570019.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570020.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570021.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP181\A0573474.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP185\A0577642.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0577945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578295.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578310.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591904.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591926.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591967.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ysifwvgi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynqijnff.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Re,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Re desolé je ne trouve pas où desactiver l'antivirus( AVG free edition). Le d'sinstaller peut-il etre possible?? Vu que je dois changer!

Pas grave, fais sans la désactivation.

voila j'ai fais la desactivaton!!


ComboFix 08-06-12.2 - chef 2008-06-14 16:55:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
Endroit: C:\Documents and Settings\chef\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
ADS - svchost.exe: deleted 100 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 100 bytes in 1 streams.
ADS - explorer.exe: deleted 36 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\vtmp2
C:\WINDOWS\BMcbe7edfc.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\elvmsnmr.ini
C:\WINDOWS\system32\FiQAcJlm.ini
C:\WINDOWS\system32\FiQAcJlm.ini2
C:\WINDOWS\system32\gMWEKRqr.ini
C:\WINDOWS\system32\gMWEKRqr.ini2
C:\WINDOWS\system32\hibcycqs.ini
C:\WINDOWS\system32\ilcgtuht.dll
C:\WINDOWS\system32\iqugpjge.dll
C:\WINDOWS\system32\jybvweys.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\tnmojbae.dll
C:\WINDOWS\system32\umqlwngo.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
.

2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\chef\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 11:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 11:49 . 2008-06-14 11:49 <REP> d-------- C:\Documents and Settings\chef\Application Data\Uniblue
2008-06-12 22:52 . 2008-06-12 22:52 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-06-11 10:47 . 2008-06-11 10:47 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 08:39 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:39 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\RomuSoft
2008-06-03 13:53 . 2008-06-03 13:53 192,512 --a------ C:\WINDOWS\off-road-uninst.exe
2008-06-03 13:52 . 2008-06-03 16:51 <REP> d-------- C:\Program Files\M6 Jeux
2008-06-03 13:52 . 2008-06-03 13:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-06-03 13:32 . 2008-06-03 13:32 <REP> d-------- C:\Documents and Settings\chef\Application Data\THQ
2008-05-27 17:53 . 2008-05-27 17:53 123 --a------ C:\WINDOWS\wininit.ini
2008-05-24 08:18 . 2008-05-24 08:21 <REP> d--hs---- C:\Documents and Settings\chef\!
2008-05-24 08:18 . 2008-05-24 08:18 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-24 08:17 . 2008-05-29 09:18 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-16 17:04 . 2008-05-27 16:36 <REP> d-------- C:\Program Files\LimeWire
2008-05-16 17:04 . 2008-05-27 16:27 <REP> d-------- C:\Documents and Settings\chef\Application Data\LimeWire
2008-05-16 13:57 . 2008-06-11 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 13:57 . 2008-05-16 13:57 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 07:12 --------- d-----w C:\Documents and Settings\chef\Application Data\AVG7
2008-06-14 03:41 --------- d-----w C:\Program Files\eMule
2008-06-13 15:02 --------- d-----w C:\Program Files\EA GAMES
2008-06-12 20:56 --------- d-----w C:\Program Files\VisualTaskTips
2008-06-09 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-04 08:22 --------- d-----w C:\Documents and Settings\chef\Application Data\AdobeUM
2008-06-03 11:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 07:55 --------- d-----w C:\Program Files\SuperMarioPac
2008-05-23 15:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-18 13:07 --------- d-----w C:\Program Files\VirtualDJ
2008-05-16 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 16:56 --------- d-----w C:\Program Files\Java
2008-05-09 16:53 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 10:28 --------- d-----w C:\Program Files\Windows Live
2008-05-02 10:28 --------- d-----w C:\Program Files\Fake Webcam
2008-03-14 21:24 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-14 21:24 253,952 ------w C:\WINDOWS\Setup1.exe
2008-03-14 17:53 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-14 17:53 5,368 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-14 16:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-02 17:02 22,328 ----a-w C:\Documents and Settings\chef\Application Data\PnkBstrK.sys
2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
C:\WINDOWS\system32\ljJCuTmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D083C3F4-4201-4765-B9B1-792C225AC410}]
C:\WINDOWS\system32\mlJcAQiF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1811913-FEB4-4342-A24A-763A2E79A3B1}]
C:\WINDOWS\system32\rqRKEWMg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [ ]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 14:07 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:47 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 00:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-19 21:38 219136]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\WINDOWS\system32\ljJCuTmm.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCuTmm]
ljJCuTmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VP40"= vp4vfw.dll
"vidc.ffds"= ffdshow.ax
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahm30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovc41.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"<NO NAME>"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Documents and Settings\\chef\\Mes documents\\Jeux\\mini jeux\\Volley\\volley.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\EA GAMES\\NFS Underground\\Speed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2000-02-22 16:46]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
S0 Ahm30;Ahm30;C:\WINDOWS\system32\Drivers\Ahm30.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfbf0e4-d006-11dc-96f4-0015f237590f}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 17:00:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-14 17:06:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 15:06:32

Pre-Run: 73,027,543,040 octets libres
Post-Run: 73,348,734,976 octets libres

214 --- E O F --- 2008-06-11 08:48:16

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.