Security Forum - Viruses: big virus problems
Hello,
I've had a big virus problem since this morning:
I can't launch the antivirus programs, or even HiJackThis.
A message tells me that:
HiJackThis is not a valid Win32 application.
Hello,
Have you tried restarting your computer in safe mode to run HJT?
Press F8 at startup to get to the Windows startup menu and choose to start Windows in safe mode.
Hello,
Download ELIBAGLA at the bottom of this page:
==> http://www.zonavirus.com/datos/des [...] ibagla.asp
Launch Elibagla by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).
Click the Explorar button.
When it finishes, post the report C:\infoSat.txt
N.B.: If ELIBAGLA doesn't work, come back and tell me; otherwise post the requested report
********
Trigium, if you have any questions, don't hesitate to PM me
Hello,
here is the result file:
Tue Jul 01 11:40:43 2008
EliBagle v11.53 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 27 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Tue Jul 01 11:41:34 2008
EliBagle v11.53 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 27 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
C:\Recycled\DC1753.ZIP --> Eliminado Bagle.dldr
C:\Recycled\DC1754.EXE --> Eliminado Bagle.dldr
Nº Total de Directorios: 6032
Nº Total de Ficheros: 74491
Nº de Ficheros Analizados: 14635
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
Re,
Download ComboFix (by sUBs) to your Desktop.
Rename it Combo-Fix.exe before downloading!
- Temporarily disable all resident protection! (antivirus, antispyware...)
- Double-click ComboFix.exe.
- Accept the licence by clicking Yes.
- When the operation is finished, a report will appear. Post this report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Help: How to use ComboFix.
Message edited by XmichouX on 01-07-2008 at 12:59:09
I can't launch COMBOFIX
I get the same message:
combo-fix.exe is not a valid win32 application
OK, we'll try another approach.
Run Elibagla again, then download and run this: http://download.bleepingcomputer.c [...] Repair.exe
Restart your computer in safe mode with networking.
When the computer starts, tap the F8 key (or F5) repeatedly until you reach a menu. Select Safe Mode with Networking.
Above all, do not restart your computer via MSConfig!
Once in that mode, download ComboFix again and try to launch it.
Hello,
I haven't had time to deal with the problem for family reasons.
Anyway, thank you for your help, but I still can't launch this combofix.
It shows me the same message: ... is not a valid application
I managed to download combofix by disconnecting from my work network and connecting to another network.
I saved it under the name combo-fix.exe and launched it without any problem.
As soon as the processing is finished, I'll post the report.
See you
Here is the ComboFix report:
ComboFix 08-07-09.5 - MVanlaeres 2008-07-10 10:22:28.1 - FAT32x86 NETWORK
Endroit: C:\Documents and Settings\mvanlaeres\Bureau\Combo-Fix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\mvanlaeres\Application Data\install.dat
C:\Documents and Settings\mvanlaeres\Bureau\Error Cleaner.url
C:\Documents and Settings\mvanlaeres\Bureau\Privacy Protector.url
C:\Documents and Settings\mvanlaeres\Bureau\Spyware&Malware Protection.url
C:\Documents and Settings\mvanlaeres\Favoris\Error Cleaner.url
C:\Documents and Settings\mvanlaeres\Favoris\Privacy Protector.url
C:\Documents and Settings\mvanlaeres\Favoris\Spyware&Malware Protection.url
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\ScreensaversInst.dll
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\dmB4.tmp
C:\Program Files\screensavers.com\Installer\temp\mstub-pal_ncr_qt_a359_r16934.exe
C:\Program Files\screensavers.com\Installer\temp\pltbinst.exe
C:\Program Files\screensavers.com\Wallpaper\Heidi Klum.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\edla.exe
C:\WINDOWS\ksendlbtrkd.dll
C:\WINDOWS\neltabxw.exe
C:\WINDOWS\system32\_000046_.tmp.dll
C:\WINDOWS\system32\dial32.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\intranet.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\z11.exe
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\vrmdtneg.dll
C:\WINDOWS\wpvmqosg.dll
C:\WINDOWS\xvorfwbd.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.
2008-07-01 11:02 . 2008-07-01 11:02 <REP> d--hs---- C:\FOUND.000
2008-06-24 15:15 . 2008-06-24 15:15 <REP> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-06-24 15:05 . 2008-06-24 15:05 <REP> d-------- C:\$ldcfg$
2008-06-24 14:38 . 2008-06-24 14:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 11:51 . 2008-06-24 11:51 <REP> d-------- C:\magicmenu
2008-06-24 11:51 . 2008-06-24 15:50 485,493 --a------ C:\magicmenu.zip
2008-06-13 11:35 . 2008-06-13 11:35 <REP> d-------- C:\SAVMX1
2008-06-13 11:34 . 2008-06-13 11:34 <REP> d-------- C:\SESAM
2008-06-13 11:31 . 2008-06-10 12:39 165,957,935 --a------ C:\FICLHA.LZH
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 08:52 --------- d-----w C:\Program Files\MSECache
2008-06-04 08:13 --------- d-----w C:\Program Files\LogMeIn
2008-06-04 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-02 13:30 13,493,760 ----a-w C:\Picard.exe
2008-05-29 07:18 --------- d-----w C:\Program Files\Apache Software Foundation
2008-05-28 10:33 83,288 ----a-w C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll
2008-05-28 10:33 24,608 ----a-w C:\WINDOWS\SYSTEM32\LMIport.dll
2008-05-28 10:32 87,352 ----a-w C:\WINDOWS\SYSTEM32\LMIinit.dll
2008-05-28 10:32 23,736 ----a-w C:\WINDOWS\SYSTEM32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\SYSTEM32\lmimirr2.dll
2008-05-16 07:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-18 07:52 579 ----a-w C:\Thalwin.bat
2008-03-31 11:08 1,437 ----a-w C:\Program Files\INSTALL.LOG
2004-11-12 07:39 0 ----a-w C:\Documents and Settings\mvanlaeres\FAVORITES.DAT
2004-11-12 07:38 25 ----a-w C:\Documents and Settings\mvanlaeres\RomInfo.dat
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
2004-08-19 14:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-24 14:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 09:00 22528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-17 16:04 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-28 09:03 1836544]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"IntelAPMClient"="C:\Program Files\LANDesk\LDClient\amclient.exe" [2007-03-30 05:56 327680]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 08:06 258048]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1"="http://intradim" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Boot.Bat]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Boot.Bat
backup=C:\WINDOWS\pss\Boot.BatCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK
backup=C:\WINDOWS\pss\Fenêtre d'état de Canon LASER SHOT LBP-1120.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MemTurbo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk
backup=C:\WINDOWS\pss\MemTurbo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^mvanlaeres^Menu Démarrer^Programmes^Démarrage^MemTurbo.lnk]
path=C:\Documents and Settings\mvanlaeres\Menu Démarrer\Programmes\Démarrage\MemTurbo.lnk
backup=C:\WINDOWS\pss\MemTurbo.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\ [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TNFckKXkd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp]
--a------ 2004-10-01 12:02 253952 C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aupd]
--a------ 2006-02-23 10:47 48678 C:\WINDOWS\SYSTEM32\symsvcsa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 13:22 28672 C:\WINDOWS\SYSTEM32\DSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a------ 2005-07-12 15:35 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-02-10 11:55 155648 C:\WINDOWS\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 17:21 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2006-01-30 18:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-06-17 16:04 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
--a------ 2008-07-10 08:21 493024 C:\PROGRA~1\CA\ETRUST~1\Realmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-19 16:09 144384 C:\WINDOWS\SYSTEM32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
--a------ 2005-10-25 09:56 107520 C:\Program Files\VVSN\VVSN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 02:50 33792 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4dcdb2-6c8f-11da-a38a-000d56c50254}]
\Shell\AutoRun\command - G:\sysclean.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f5fe91-7eb6-11db-a3ed-000d56c50254}]
\Shell\AutoRun\command - I:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f7b8753-8087-11dc-8cbd-000d56c50254}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 07:03:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
HKLM-Run-MSNSysRestore - C:\WINDOWS\system32\pc32.exe
HKU-Default-Run-CTFMON.EXE - C:\WINDOWS\System32\CTFMON.EXE
MSConfigStartUp-AdaptecDirectCD - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-AutoUpdater - C:\Program Files\AutoUpdate\AutoUpdate.exe
MSConfigStartUp-BO1HelperStartUp - C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
MSConfigStartUp-CTFMON - C:\WINDOWS\System32\ctfmon.exe
MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-gw7sRjMFl - hsfxdev.exe
MSConfigStartUp-x7oi3tg - gwfend.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 10:28:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"C:\WWW\MySQL\bin\mysqld-nt\" --defaults-file=\"C:\WWW\MySQL\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WWW\MySQL\bin\mysqld-nt.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-10 10:33:35 - machine was rebooted [MVanlaeres]
ComboFix-quarantined-files.txt 2008-07-10 08:33:28
Pre-Run: 2,196,500,480 octets libres
Post-Run: 1,623,859,200 octets libres
245
Re,
- My Computer/Tools/Folder Options/View/check Show hidden files and folders/Apply - - > OK
- My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK
- My Computer/Tools/Folder Options/View/uncheck Hide extensions for known file types/Apply - - > OK
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important
Delete C:\FOUND.000
********
Download HijackThis (by Trend Micro) to your Desktop.
- Double-click HJTInstall.exe to start the installation.
- Click Install.
- Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> Run as administrator if on Vista)
- Accept the licence by clicking Yes.
- Click Do a system scan and save a logfile.
- Post the generated report here.
Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WWW\MySQL\bin\mysqld-nt.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intradim/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-web.santesurf.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedimgroup;*.cegedim.grp;*.cegedim;*.cegedim.fr;*.santesurf.com;*.cegedim-srh;*.teamsweb.org;*.teamsweb.net;*.medexact.fr;128.*;172.*;*.data.fr;*.soltimfm;*.alliadis.net;*.resipfse.net;*.hospitalis.org;*.hospi-marches.com;*.hospi-marches.fr;*.cegedim-srh.com;192.168.*;*.cegedim.com;*.amispharma.fr;*.aclclub.org;*.cegedimstrategicdata.com;*.cegedim-strategic-data.com;*.cam-group.*;*.cam-partners.com;*.cegedimsd.com;*.decisionsresearch.com;*.mscegedim.com;*.reseau;192.168.*;155.94.60.143;10.248.64.242;10.229.245.128;*.*.wyeth.*;*.epartner.wyeth.com;10.0.0.*;*.juniper.*;10.229.*;10.228.*;*.drte.com;cegedim.grp;*.targetsoftware.com;*.targetmm.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intradim
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.ya [...] st0401.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/down [...] leId=19588
O16 - DPF: {DC811A54-8FE7-4653-9DB6-49CEABCE705A} (MOVEitUpDownWiz Class) - https://teledistrib.cegedim.fr/COM/ [...] d5.1.0.ocx
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://inquiero.cegedim.fr/inquier [...] 118_24.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.co [...] 3_18_0.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\Software\..\Telephony: DomainName = cegedim.cegedimgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O23 - Service: Apache2.2 - Apache Software Foundation - C:\WWW\Apache2\bin\httpd.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: DB2 Management Service (ToadF30) (DB2MGMTSVC_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (ToadF30) (DB2NTSECSERVER_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2sec.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk CBA8 RPC Execute - Unknown owner - C:\WINDOWS\$ldcba8$\ntremoteexec.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\bin\mysqld-nt (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
--
End of file - 11458 bytes
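The helper's next questions (proxy? domain? no antivirus?) are read straight off the R1, O17 and O23 lines of the log above. The script below is an added example for this thread, not a tool from the forum or from Trend Micro: it parses HijackThis v2 entry lines and flags the items a log reviewer usually checks first. The sample lines are copied from the posted log, except the `[Updater]` autorun in a Temp folder, which is constructed so that every rule fires; the rule names are invented for the example.

```python
"""Triage HijackThis v2 log lines (added example, not a tool from the thread)."""
import re

# Excerpt from the HijackThis log posted above, plus one constructed line
# (the "[Updater]" autorun under Local Settings\Temp) so every rule fires.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-web.santesurf.com:3128
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O23 - Service: Apache2.2 - Apache Software Foundation - C:\WWW\Apache2\bin\httpd.exe
O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\bin\mysqld-nt (file missing)
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
"""

# "O4 - <body>", "R1 - <body>" ... every HijackThis entry line has this shape.
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# O17 body: "<registry key>: <value name> = <value>"
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
# R0/R1 body: "<registry key>,<value name> = <value>"
R_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")

# Autoruns whose target lives in a scratch directory deserve a closer look.
TEMP_DIRS = ("\\temp\\", "\\tmp\\")


def parse_hjt(text):
    """Return (code, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Apply the review rules and return (rule, detail) findings in log order."""
    findings = []
    for code, body in entries:
        if code == "R1":
            m = R_RE.match(body)
            if m and m.group("name") == "ProxyServer":
                findings.append(("proxy", m.group("value")))
        elif code == "O17":
            m = O17_RE.match(body)
            if m and m.group("name") == "Domain":
                findings.append(("domain", m.group("value")))
        elif code == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            key, cmd = m.group("key"), m.group("cmd")
            if "\\Policies\\" in key:          # policy-driven autorun
                findings.append(("policy-run", cmd))
            if any(d in cmd.lower() for d in TEMP_DIRS):
                findings.append(("temp-autorun", cmd))
        elif code == "O23" and body.startswith("Service: "):
            # "Service: <name> - <owner> - <path>"; name may itself contain " - ",
            # so split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2].endswith("(file missing)"):
                findings.append(("missing-service", parts[0]))
    return findings


def summarize(text):
    """Parse then triage; returns {rule: [details...]} preserving log order."""
    summary = {}
    for rule, detail in triage(parse_hjt(text)):
        summary.setdefault(rule, []).append(detail)
    return summary


if __name__ == "__main__":
    for rule, details in summarize(SAMPLE_LOG).items():
        print(f"{rule:16s} {'; '.join(details)}")
```

The rules deliberately stay coarse: a proxy or domain entry is not malicious in itself (here it is a corporate network, which is why the helper asks), and an orphaned `(file missing)` service is clutter more often than an infection. The value of the script is in turning a 120-line log into the five questions worth asking the poster.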
Re,
Do you use a proxy, a domain?
Don't you have an antivirus?
If not:
Download CCleaner to your Desktop.
- Click download the latest version.
- Install it, leaving only the following options checked:
- Add a shortcut on the Desktop.
- Automatically check for CCleaner updates.
- Run the Cleaner.
- Click Scan for issues and back up if you wish.
Help: How to use CCleaner.
********************
Download AntiVir to your Desktop.
- Double-click the downloaded executable to start the installation.
- At the end of the installation, click Finish.
- Open AntiVir and make sure it is up to date!
- In the Local Protection tab, choose Scanner.
- Enable the rootkit search via the + next to rootkit search, then in manual selection, check everything (your hard disk partitions).
- Click the middle magnifying glass to start the scan as Administrator.
- Post me the generated report: to do so, click the Overview tab, then choose Reports, where you will find its report.
Note: for a more effective eradication of threats, run the scan in safe mode.
Help: How to install and use AntiVir.
Re,
How strange, it found no virus at all.
For info: since running ComboFix I have noticed an improvement, but when I try to launch Spybot, for example, it still tells me it is not a valid Win32 application.
Here is the AntiVir report.
Thanks
Avira AntiVir Personal
Report file date: 2008-07-10 15:10
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: MVanlaeres
Computer name: MVANLAERES
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:46
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:46
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:46
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:44
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:46
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:46
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:44
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:44
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:44
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12
Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922
Start of the scan: 2008-07-10 15:10
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\ShudderLTD\PSGuard\PSGuard\License\data
[INFO] The registry entry is invisible.
HKEY_USERS\S-1-5-21-449860374-1898712295-1848903544-2994\Software\Microsoft\Protected Storage System Provider\S-1-5-21-449860374-1898712295-1848903544-2994\data
[INFO] The registry entry is invisible.
'453801' objects were checked, '2' hidden objects were found.
End of the scan: 2008-07-10 15:12
Used time: 02:40 min
The scan has been done completely.
0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
453801 Objects were scanned with rootkit scan
2 Hidden objects were found
Re,
| Quote: Scan memory......................: off
|
You didn't scan anything with AntiVir.
Do it again.
Yes, for Spybot that's normal, it was damaged by the infection.
You need to uninstall and reinstall it.
Indeed the process is much longer; it isn't finished yet.
There is 20% left and I have to go.
For info, it found 35 detections; I'm putting them all in quarantine.
OK, see you later.
Hello, here is the AntiVir report:
Avira AntiVir Personal
Report file date: 2008-07-10 16:21
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: MVanlaeres
Computer name: MVANLAERES
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:46
AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:46
AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:46
AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:44
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:46
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:46
AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:44
AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:44
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:44
AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: 2008-07-10 16:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'amclient.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SDClientMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fbserver.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CAP3SWK.EXE' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'SoftMon.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'CAP3RSK.EXE' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'RaMaint.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'tmcsvc.exe' - '1' Module(s) have been scanned
Scan process 'pds.exe' - '1' Module(s) have been scanned
Scan process 'LocalSch.EXE' - '1' Module(s) have been scanned
Scan process 'Iap.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'fbguard.exe' - '1' Module(s) have been scanned
Scan process 'collector.exe' - '1' Module(s) have been scanned
Scan process 'db2mgmtsvc.exe' - '1' Module(s) have been scanned
Scan process 'residentAgent.exe' - '1' Module(s) have been scanned
Scan process 'ASFAgent.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '16' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\boot.inx
[DETECTION] Is the Trojan horse TR/Dldr.Del.aeq.1.A
[NOTE] The file was moved to '48e51c30.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48e51c30.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48e51c30.qua
[DETECTION] Is the Trojan horse TR/Dldr.Del.aeq.1.A
[NOTE] The file was moved to '48db1c86.qua'!
C:\Documents and Settings\mvanlaeres\Bureau\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48e31d0b.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\46209807-08D6-47B8-82C7-E6C56B\C495A926-A3D6-4DA3-8D20-12B7D6
[DETECTION] Is the Trojan horse TR/StartPage.VB.FV
[NOTE] The file was moved to '48af1f80.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\46209807-08D6-47B8-82C7-E6C56B\8FE91FEC-97EC-485F-9950-81012B
[DETECTION] Is the Trojan horse TR/StartPage.VB.FV
[NOTE] The file was moved to '48bb1f94.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\19919841-BC08-4FF2-94C4-1D6932
[DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
[NOTE] The file was moved to '48af1f8a.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\721E471C-1852-4076-816F-7F793E
[DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
[NOTE] The file was moved to '48a71f85.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\301831F7-4C9B-433E-943E-C23B40\38CCDCD5-FA23-4EAA-8A76-9CA7B7
[DETECTION] Contains detection pattern of the dropper DR/Shopper.C.1
[NOTE] The file was moved to '48b91f8d.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\EBB58AA6-B1DD-4D46-97F7-71F132\87DE35D8-1C84-4304-A127-6FD77E
[DETECTION] Is the Trojan horse TR/Drop.Small.MR.1
[NOTE] The file was moved to '48ba1f8e.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\A955603B-09AC-4D0A-A8A4-CDCB66\7277AD7E-8C94-4904-B072-6162D4
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[NOTE] The file was moved to '48ad1f8b.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\A955603B-09AC-4D0A-A8A4-CDCB66\2AF68EE8-06FB-42BA-A835-9E1168
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[NOTE] The file was moved to '48bc1f9f.qua'!
C:\Program Files\Alcohol Soft\Alcohol 120\Patch1005.exe
[DETECTION] Contains detection pattern of the application APPL/Tpatch.P
[NOTE] The file was moved to '48ea201a.qua'!
C:\Program Files\ZIP PASSWORD FINDER\recover.exe
[DETECTION] Contains detection pattern of the SPR/PSWRecover.A program
[NOTE] The file was moved to '48d9201f.qua'!
C:\WINDOWS\SYSTEM32\z12.exe
[DETECTION] Is the Trojan horse TR/Small.AWA
[NOTE] The file was moved to '48a820c5.qua'!
C:\WINDOWS\SYSTEM32\z13.exe
[DETECTION] Is the Trojan horse TR/Dldr.Del.aco.5.D
[NOTE] The file was moved to '48a920c6.qua'!
C:\WINDOWS\SYSTEM32\z15.exe
[DETECTION] Is the Trojan horse TR/Dldr.Del.aco.5.B
[NOTE] The file was moved to '48ab20c8.qua'!
C:\WINDOWS\SYSTEM32\z16.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.agq.4
[NOTE] The file was moved to '48ac20c8.qua'!
C:\WINDOWS\SYSTEM32\exeha2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.agq.4
[NOTE] The file was moved to '48db2111.qua'!
C:\WINDOWS\SYSTEM32\supd130404.exe
[DETECTION] Is the Trojan horse TR/Dldr.Esepor.m.2
[NOTE] The file was moved to '48e62112.qua'!
C:\WINDOWS\SYSTEM32\exeha3.exe
[DETECTION] Is the Trojan horse TR/Dldr.CWS.ARQ.2
[NOTE] The file was moved to '48db2116.qua'!
C:\WINDOWS\SYSTEM32\symsvcsa.exe
[DETECTION] Is the Trojan horse TR/PCK.Tibs
[NOTE] The file was moved to '48e32118.qua'!
C:\WINDOWS\SYSTEM32\sywsvcs.exe
[DETECTION] Is the Trojan horse TR/Packed.Klone.b.1
[NOTE] The file was moved to '48ed2118.qua'!
C:\WINDOWS\SYSTEM32\comdlj32.dll
[DETECTION] Is the Trojan horse TR/Rkit.Agent.BK
[NOTE] The file was moved to '48e32115.qua'!
C:\WINDOWS\SYSTEM32\paradise.raw.exe
[DETECTION] Is the Trojan horse TR/Packed.Klone.b.1
[NOTE] The file was moved to '48e8210c.qua'!
C:\WINDOWS\SYSTEM32\taskdir.dll
[DETECTION] Is the Trojan horse TR/Agent.BKT.1
[NOTE] The file was moved to '48e92111.qua'!
C:\WINDOWS\SYSTEM32\sysupd1003.exe
[DETECTION] Is the Trojan horse TR/Clicker.Small.AN
[NOTE] The file was moved to '48e9213a.qua'!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dial32.exe.vir
[DETECTION] Is the Trojan horse TR/Dialer.AY.6
[NOTE] The file was moved to '48d72250.qua'!
Begin scan in 'D:\'
D:\prog\Gravure\Alcohol 120% - 1.4.7.1005 - RETAIL.rar
[0] Archive type: RAR
--> Alcohol 120% - 1.4.7.1005 - RETAIL\Patch\Patch1005.exe
[DETECTION] Contains detection pattern of the application APPL/Tpatch.P
[NOTE] The file was moved to '48d92466.qua'!
D:\prog\Gravure\Alcohol 120% - 1.4.7.1005 - RETAIL\Alcohol 120% - 1.4.7.1005 - RETAIL\Patch\Patch1005.exe
[DETECTION] Contains detection pattern of the application APPL/Tpatch.P
[NOTE] The file was moved to '48ea2469.qua'!
D:\prog\crack access\Microsoft_Access_Password_Detection_v2.1.1.0.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
[NOTE] The file was moved to '48d92478.qua'!
D:\prog\crack access\Microsoft_Access_Password_Detection_v3.1.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
[NOTE] The file was moved to '49a74849.qua'!
D:\prog\crack access\Access_2000_Serial.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
[NOTE] The file was moved to '48d92472.qua'!
D:\prog\crack access\Access_Administrator.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
[NOTE] The file was moved to '48d92473.qua'!
D:\prog\crack access\Microsoft_Access_Password_Detection_v1.2.zip
[0] Archive type: ZIP
--> crack.exe
[DETECTION] Is the Trojan horse TR/Dldr.IstBar.ER.2
[NOTE] The file was moved to '48d92479.qua'!
D:\truc de mx\calcul\ScreenLock.exe
[DETECTION] Contains detection pattern of the CIH #2c virus
[NOTE] The file was moved to '48e82507.qua'!
End of the scan: 2008-07-10 17:05
Used time: 43:51 min
The scan has been done completely.
5273 Scanning directories
495294 Files were scanned
36 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
35 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
495258 Files not concerned
4755 Archives were scanned
4 Warnings
35 Notes
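The helper's objection to the first report ("Scan memory: off", so nothing running was scanned) and the triage of the second one (which detections sit in live system folders versus inside other tools' quarantines) are both mechanical checks. The parser below is an added example, not code from this thread or from Avira: it reads the report format shown above, flags a scan configuration that skipped memory, processes or the registry, and separates detections in live locations from ones found under quarantine folders of Microsoft AntiSpyware, ComboFix (QooBox) or AntiVir itself. The sample report is constructed from the format of the logs above, with placeholder quarantine names; the folder markers are an assumption that covers the tools seen on this thread.

```python
"""Summarise an Avira AntiVir report: check that the scan actually covered
the running system, and separate live detections from ones that were already
sitting in another tool's quarantine folder.  Added example, not Avira code."""
import re
from collections import Counter

# Constructed sample in the format of the reports posted above (not the real log).
SAMPLE_REPORT = r"""
Configuration settings for the scan:
Jobname..........................: Rootkit search
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Start of the scan: 2008-07-10 15:10
Begin scan in 'C:\'
C:\WINDOWS\SYSTEM32\z12.exe
[DETECTION] Is the Trojan horse TR/Small.AWA
[NOTE] The file was moved to 'xxxxxxx1.qua'!
C:\Program Files\Alcohol Soft\Alcohol 120\Patch1005.exe
[DETECTION] Contains detection pattern of the application APPL/Tpatch.P
[NOTE] The file was moved to 'xxxxxxx2.qua'!
C:\Documents and Settings\user\Bureau\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[NOTE] The file was moved to 'xxxxxxx3.qua'!
C:\Program Files\Microsoft AntiSpyware\Quarantine\AAAA\BBBB
[DETECTION] Is the Trojan horse TR/StartPage.VB.FV
[NOTE] The file was moved to 'xxxxxxx4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dial32.exe.vir
[DETECTION] Is the Trojan horse TR/Dialer.AY.6
[NOTE] The file was moved to 'xxxxxxx5.qua'!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 2008-07-10 15:12
"""

CONFIG_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.{2,}: (.*)$")   # "Scan memory....: off"
ANNOT_RE = re.compile(r"^\s*\[(DETECTION|NOTE|WARNING|INFO)\] (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                              # "C:\WINDOWS\..."
SIG_RE = re.compile(r"\b([A-Z]{2,5})/[\w.+-]+")                    # "TR/Small.AWA" -> TR

# Settings that must be 'on' for the running system to have been scanned at all.
REQUIRED_ON = ("Scan memory", "Process scan", "Scan registry")

# Assumed markers of other tools' quarantine folders (Microsoft AntiSpyware,
# ComboFix's QooBox, AntiVir's own INFECTED store): files there are already
# neutralised, so a hit is not evidence of a live infection.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\", "\\infected\\")


def parse_report(text):
    """Return {'config': {...}, 'detections': [...], 'warnings': [...]}."""
    config, detections, warnings = {}, [], []
    current = None                      # path the following annotation lines refer to
    for line in (l.rstrip() for l in text.splitlines() if l.strip()):
        m = CONFIG_RE.match(line)
        if m:
            config[m.group(1).strip()] = m.group(2).strip()
            continue
        m = ANNOT_RE.match(line)
        if m and current:
            kind, msg = m.groups()
            if kind == "DETECTION":
                detections.append({"path": current, "verdict": msg, "action": None})
            elif kind == "NOTE" and detections and detections[-1]["path"] == current:
                detections[-1]["action"] = msg
            elif kind == "WARNING":
                warnings.append((current, msg))
            continue
        if line.startswith("-->") and current:
            # archive member: record it as "container -> member"
            current = current.split(" -> ")[0] + " -> " + line[3:].strip()
        elif PATH_RE.match(line):
            current = line
    return {"config": config, "detections": detections, "warnings": warnings}


def config_problems(config):
    """Settings that mean the scan skipped the running system (as in the first report)."""
    return [f"{key} is {config.get(key, 'missing')}: running system was not scanned"
            for key in REQUIRED_ON if config.get(key, "off").lower() != "on"]


def is_quarantined_path(path):
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def signature_class(verdict):
    """Avira's signature prefix (TR, APPL, BDS, SPR, DR...) or OTHER."""
    m = SIG_RE.search(verdict)
    return m.group(1) if m else "OTHER"


def summarize(text):
    report = parse_report(text)
    live = [d for d in report["detections"] if not is_quarantined_path(d["path"])]
    return {
        "config_problems": config_problems(report["config"]),
        "live": len(live),
        "quarantined": len(report["detections"]) - len(live),
        "by_class": Counter(signature_class(d["verdict"]) for d in report["detections"]),
        "unhandled": [d["path"] for d in report["detections"] if d["action"] is None],
        "could_not_open": sum(1 for _, msg in report["warnings"] if "could not be opened" in msg),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the second report on this thread, the same logic would put the Microsoft AntiSpyware and QooBox hits in the "quarantined" bucket and leave the SYSTEM32 droppers and the D:\ archives as live detections worth following up, while the first report would fail the configuration check before any counting is done.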
That's one good thing done.
Post a new HijackThis report.
Where do your problems stand?
For now I no longer notice any problem, but one virus can hide another, so caution.
I would like to install a Spyware; which one is the most effective and free, in your opinion?
For now I have put on Spyware Doctor, but it is a paid product.
Here is the HijackThis report.
Good luck
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WWW\Apache2\bin\httpd.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WWW\MySQL\bin\mysqld-nt.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intradim/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-web.santesurf.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedimgroup;*.cegedim.grp;*.cegedim;*.cegedim.fr;*.santesurf.com;*.cegedim-srh;*.teamsweb.org;*.teamsweb.net;*.medexact.fr;128.*;172.*;*.data.fr;*.soltimfm;*.alliadis.net;*.resipfse.net;*.hospitalis.org;*.hospi-marches.com;*.hospi-marches.fr;*.cegedim-srh.com;192.168.*;*.cegedim.com;*.amispharma.fr;*.aclclub.org;*.cegedimstrategicdata.com;*.cegedim-strategic-data.com;*.cam-group.*;*.cam-partners.com;*.cegedimsd.com;*.decisionsresearch.com;*.mscegedim.com;*.reseau;192.168.*;155.94.60.143;10.248.64.242;10.229.245.128;*.*.wyeth.*;*.epartner.wyeth.com;10.0.0.*;*.juniper.*;10.229.*;10.228.*;*.drte.com;cegedim.grp;*.targetsoftware.com;*.targetmm.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [1] http://intradim
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intradim
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/down [...] leId=19588
O16 - DPF: {DC811A54-8FE7-4653-9DB6-49CEABCE705A} (MOVEitUpDownWiz Class) - https://teledistrib.cegedim.fr/COM/ [...] d5.1.0.ocx
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://inquiero.cegedim.fr/inquier [...] 118_24.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.co [...] 3_18_0.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\Software\..\Telephony: DomainName = cegedim.cegedimgroup
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cegedim.cegedimgroup
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\WWW\Apache2\bin\httpd.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: DB2 Management Service (ToadF30) (DB2MGMTSVC_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (ToadF30) (DB2NTSECSERVER_ToadF30) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for DB2 Freeware 3.0\DB2 Client\BIN\db2sec.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LANDesk CBA8 RPC Execute - Unknown owner - C:\WINDOWS\$ldcba8$\ntremoteexec.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - C:\WWW\MySQL\bin\mysqld-nt (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
--
End of file - 12019 bytes
You want to install a Spyware?
Relaunch HijackThis (right-click -> run as administrator under Vista), do a system scan only, check these lines (if still present):
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Close all running applications (especially your web browser).
Then Fix Checked!
***********
Download ToolsCleaner2 (by A.Rothstein)
- Install it on your Desktop.
- Click Recherche to start the scan.
- Click Supprimer to clean up the tools that were used.
- Click Quitter.
- Post this report ~>C:\TCleaner.txt<~
- Keep CCleaner, MBAM and AntiVir if we installed them.
- Disable and re-enable System Restore.
- Report your infection on Malware Complaints >Tutorial<
- Your infection(s): Bagle, Smitfraud.
- If you can't find it in the list, post in Other infections,
- Bring your computer properly up to date >here<
- If not already done, make sure Windows Automatic Updates are enabled!
Then have a look at these topics:
- Security/Prevention
- Consequences of multi-protection
- Toolbars: uselessness and slowdowns
Have a good day/evening
Can I remove by hand the files that were not deleted:
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\mvanlaeres\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\mvanlaeres\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: Erreur de suppression !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: Erreur de suppression !
Yep
It's clean; @++
