enlever antispywareexpert

Un bonjour ?

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

voila j'espere que ca va aider-merci


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:59, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [28a2f2bf] rundll32.exe "C:\WINDOWS\system32\sntettmv.dll",b
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe
O4 - HKLM\..\Run: [BM2b91c123] Rundll32.exe "C:\WINDOWS\system32\xxwnftyi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BM2b91c123] Rundll32.exe "C:\WINDOWS\system32\xxwnftyi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10344 bytes

Oups desole
Bonjour et merci, c'est la 1ere fois que suis sur 1 forum et n'y connait pas grand chose en PC...
que dois je faire maintenant ?
merci de m'aider

Commence par être patient  

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

ouf ....
voici le rapport
Merci

ComboFix 08-10-30.09 - Eric Chevalier 2008-10-30 19:59:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eric Chevalier\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert\AntiSpywareExpert.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert\Uninstall AntiSpywareExpert.lnk
C:\Documents and Settings\Eric Chevalier\Desktop\AntiSpywareExpert.lnk
C:\Program Files\AntiSpywareExpert
C:\Program Files\AntiSpywareExpert\ase.exe
C:\Program Files\AntiSpywareExpert\ASEFreeUpdate_fr.exe
C:\Program Files\AntiSpywareExpert\BL.dat
C:\Program Files\AntiSpywareExpert\WL.dat
C:\WINDOWS\BM2b91c123.txt
C:\WINDOWS\BM2b91c123.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abhfxdge.dll
C:\WINDOWS\system32\aepeutqd.dll
C:\WINDOWS\system32\afwcyqtd.dll
C:\WINDOWS\system32\akmedpff.dll
C:\WINDOWS\system32\alcmyz.dll
C:\WINDOWS\system32\apdluudi.dll
C:\WINDOWS\system32\apvhmd.dll
C:\WINDOWS\system32\atnsewqo.ini
C:\WINDOWS\system32\aylmosxp.ini
C:\WINDOWS\system32\ayplpxmx.dll
C:\WINDOWS\system32\aypqhgwr.ini
C:\WINDOWS\system32\btftuhbu.dll
C:\WINDOWS\system32\byewuame.dll
C:\WINDOWS\system32\cvrintre.dll
C:\WINDOWS\system32\cvyiydat.ini
C:\WINDOWS\system32\daoclf.dll
C:\WINDOWS\system32\dgxxsmgg.dll
C:\WINDOWS\system32\dhqkqshm.ini
C:\WINDOWS\system32\DJRuFfhk.ini
C:\WINDOWS\system32\dshgrz.dll
C:\WINDOWS\system32\durmsj.dll
C:\WINDOWS\system32\eagmaefe.dll
C:\WINDOWS\system32\ejvowd.dll
C:\WINDOWS\system32\emauweyb.ini
C:\WINDOWS\system32\engnwxia.ini
C:\WINDOWS\system32\ersiyh.dll
C:\WINDOWS\system32\euwhuuvf.dll
C:\WINDOWS\system32\eyvpkecv.ini
C:\WINDOWS\system32\fjnfix.dll
C:\WINDOWS\system32\fvbonxrn.dll
C:\WINDOWS\system32\fwbseogp.dll
C:\WINDOWS\system32\fwumjo.dll
C:\WINDOWS\system32\gdsmbi.dll
C:\WINDOWS\system32\goglpp.dll
C:\WINDOWS\system32\gohoflpo.ini
C:\WINDOWS\system32\gtieos.dll
C:\WINDOWS\system32\gwdkdoqv.ini
C:\WINDOWS\system32\gydqpmpv.dll
C:\WINDOWS\system32\hbhfcg.dll
C:\WINDOWS\system32\hdfjna.dll
C:\WINDOWS\system32\hgpqivou.ini
C:\WINDOWS\system32\hvtpuouh.ini
C:\WINDOWS\system32\hxrkeiey.ini
C:\WINDOWS\system32\iupnhhrd.dll
C:\WINDOWS\system32\jdmootkv.dll
C:\WINDOWS\system32\jiwxlbah.dll
C:\WINDOWS\system32\jkqeth.dll
C:\WINDOWS\system32\jmocrkth.ini
C:\WINDOWS\system32\joteklyw.dll
C:\WINDOWS\system32\jovjijjv.ini
C:\WINDOWS\system32\jttidxaj.dll
C:\WINDOWS\system32\kbmnef.dll
C:\WINDOWS\system32\kbppjswt.ini
C:\WINDOWS\system32\kncfpa.dll
C:\WINDOWS\system32\koeggwas.dll
C:\WINDOWS\system32\krmriqeh.dll
C:\WINDOWS\system32\kvlymz.dll
C:\WINDOWS\system32\kxesijqd.dll
C:\WINDOWS\system32\kxgwvgbc.dll
C:\WINDOWS\system32\lkSAaccf.ini
C:\WINDOWS\system32\ltgaxg.dll
C:\WINDOWS\system32\mapycssd.dll
C:\WINDOWS\system32\mbkranmn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfnehrgq.ini
C:\WINDOWS\system32\mhkunkmr.ini
C:\WINDOWS\system32\mnryuofv.ini
C:\WINDOWS\system32\mpcysawp.ini
C:\WINDOWS\system32\mqgfqj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\njfnyqbs.dll
C:\WINDOWS\system32\nmoxefao.ini
C:\WINDOWS\system32\nqxkvp.dll
C:\WINDOWS\system32\nslmxtea.ini
C:\WINDOWS\system32\ntahmbbr.dll
C:\WINDOWS\system32\obcsnwiv.ini
C:\WINDOWS\system32\obqrohur.dll
C:\WINDOWS\system32\okacjykq.dll
C:\WINDOWS\system32\ophvbrxr.dll
C:\WINDOWS\system32\oycigwpr.dll
C:\WINDOWS\system32\pckxpj.dll
C:\WINDOWS\system32\pdaaxagn.ini
C:\WINDOWS\system32\pgoesbwf.ini
C:\WINDOWS\system32\pltvhpfn.dll
C:\WINDOWS\system32\psjaas.dll
C:\WINDOWS\system32\qcjltvvq.ini
C:\WINDOWS\system32\qkkvrr.dll
C:\WINDOWS\system32\qleeipkn.ini
C:\WINDOWS\system32\qnmmgh.dll
C:\WINDOWS\system32\qqxxzc.dll
C:\WINDOWS\system32\qtoxfncd.dll
C:\WINDOWS\system32\rpwgicyo.ini
C:\WINDOWS\system32\rqufuyjq.dll
C:\WINDOWS\system32\RsCfOqru.ini
C:\WINDOWS\system32\RsCfOqru.ini2
C:\WINDOWS\system32\rtoklxbx.ini
C:\WINDOWS\system32\rvmlmjbf.ini
C:\WINDOWS\system32\sescxiev.exe
C:\WINDOWS\system32\sfehlats.dll
C:\WINDOWS\system32\skkkqjtr.dll
C:\WINDOWS\system32\sntettmv.dll
C:\WINDOWS\system32\spghdmqi.ini
C:\WINDOWS\system32\sxbxfj.dll
C:\WINDOWS\system32\sydfve.dll
C:\WINDOWS\system32\taxssjsl.dll
C:\WINDOWS\system32\tepscdlc.dll
C:\WINDOWS\system32\tgsmqxbn.dll
C:\WINDOWS\system32\tjgptpbq.ini
C:\WINDOWS\system32\tlncyvxh.dll
C:\WINDOWS\system32\tmewanpe.dll
C:\WINDOWS\system32\tuvUMeBu.dll
C:\WINDOWS\system32\twsjppbk.dll
C:\WINDOWS\system32\txucyajc.ini
C:\WINDOWS\system32\uBeMUvut.ini
C:\WINDOWS\system32\uBeMUvut.ini2
C:\WINDOWS\system32\ucxnfl.dll
C:\WINDOWS\system32\ujckbwgw.dll
C:\WINDOWS\system32\ulitnfao.dll
C:\WINDOWS\system32\uoviqpgh.dll
C:\WINDOWS\system32\UwHikUtv.ini
C:\WINDOWS\system32\uwpddmya.ini
C:\WINDOWS\system32\uxnugr.dll
C:\WINDOWS\system32\uxogfgan.dll
C:\WINDOWS\system32\vbaryosh.ini
C:\WINDOWS\system32\vcekpvye.dll
C:\WINDOWS\system32\vmttetns.ini
C:\WINDOWS\system32\vpjvyijp.dll
C:\WINDOWS\system32\vpmpqdyg.ini
C:\WINDOWS\system32\WDdJRqss.ini
C:\WINDOWS\system32\weheqhle.ini
C:\WINDOWS\system32\wfnthxds.dll
C:\WINDOWS\system32\wgurwj.dll
C:\WINDOWS\system32\wgwbkcju.ini
C:\WINDOWS\system32\wmafuyai.dll
C:\WINDOWS\system32\wmlhgruc.ini
C:\WINDOWS\system32\wvUoMeFX.dll
C:\WINDOWS\system32\wynpkc.dll
C:\WINDOWS\system32\xbwoxvgr.dll
C:\WINDOWS\system32\xbxlkotr.dll
C:\WINDOWS\system32\xcgnsp.dll
C:\WINDOWS\system32\xeibjduu.ini
C:\WINDOWS\system32\xjnjnqlm.ini
C:\WINDOWS\system32\xmwxisau.dll
C:\WINDOWS\system32\xwrwmpjx.dll
C:\WINDOWS\system32\xxwnftyi.dll
C:\WINDOWS\system32\yeiekrxh.dll
C:\WINDOWS\system32\ykmvco.dll
C:\WINDOWS\system32\yuhqhosx.ini
C:\WINDOWS\system32\yxegsoil.dll
C:\WINDOWS\system32\yxjsnive.dll
C:\WINDOWS\system32\zedkcq.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-20 06:06 . 2008-09-20 06:06 221,184 --a------ C:\WINDOWS\system32\lsfmbphk.dll
2008-09-20 06:06 . 2008-09-20 06:06 108,544 --a------ C:\WINDOWS\system32\yayyAQhg.dll
2008-09-20 06:04 . 2008-09-20 06:04 115,200 --a------ C:\WINDOWS\system32\qybjocww.dll
2008-09-20 06:04 . 2008-09-20 06:04 115,200 --a------ C:\WINDOWS\system32\bgtsho.dll
2008-09-20 06:04 . 2008-09-20 06:04 95,744 --a------ C:\WINDOWS\system32\jyrwifew.dll
2008-09-19 06:09 . 2008-09-19 06:09 115,200 --a------ C:\WINDOWS\system32\ttkamd.dll
2008-09-19 06:09 . 2008-09-19 06:09 115,200 --a------ C:\WINDOWS\system32\ksptlwtp.dll
2008-09-19 06:06 . 2008-09-19 06:06 221,184 --a------ C:\WINDOWS\system32\pnsrbkts.dll
2008-09-19 06:06 . 2008-09-19 06:06 108,544 --a------ C:\WINDOWS\system32\iifcYSJd.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\moxpuwwr.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\csvrfnph.dll
2008-09-18 06:09 . 2008-09-18 06:09 221,184 --a------ C:\WINDOWS\system32\dipmoljs.dll
2008-09-18 06:09 . 2008-09-18 06:09 108,544 --a------ C:\WINDOWS\system32\awttsPFv.dll
2008-09-18 06:06 . 2008-09-18 06:06 115,200 --a------ C:\WINDOWS\system32\kglnwd.dll
2008-09-18 06:06 . 2008-09-18 06:06 115,200 --a------ C:\WINDOWS\system32\dfwodcui.dll
2008-09-18 06:03 . 2008-09-18 06:03 95,744 --a------ C:\WINDOWS\system32\swfgjgsn.dll
2008-09-17 10:26 . 2008-09-17 10:26 115,200 --a------ C:\WINDOWS\system32\kyxnqk.dll
2008-09-17 10:26 . 2008-09-17 10:26 115,200 --a------ C:\WINDOWS\system32\kmgcrogq.dll
2008-09-16 06:01 . 2008-09-16 06:01 95,232 --a------ C:\WINDOWS\system32\qfhbmnol.dll
2008-09-16 06:01 . 2008-09-16 06:01 85,504 --a------ C:\WINDOWS\system32\mhsqkqhd.dll
2008-09-15 06:03 . 2008-09-15 06:03 115,200 --a------ C:\WINDOWS\system32\xjasmqdv.dll
2008-09-15 06:03 . 2008-09-15 06:03 115,200 --a------ C:\WINDOWS\system32\rfqrul.dll
2008-09-15 06:01 . 2008-09-15 06:01 95,744 --a------ C:\WINDOWS\system32\cirnncvu.dll
2008-09-10 19:12 . 2008-09-10 19:12 115,712 --a------ C:\WINDOWS\system32\qjwdfgeb.dll
2008-09-10 11:36 . 2008-09-10 11:36 115,712 --a------ C:\WINDOWS\system32\ufueicrp.dll
2008-09-10 11:36 . 2008-09-10 11:36 67,984 --a------ C:\WINDOWS\system32\ewvxiige.dll
2008-09-10 00:51 . 2008-09-10 00:51 69,436 --a------ C:\WINDOWS\system32\mhybxbvu.dll
2008-09-09 21:43 . 2008-09-09 21:43 66,532 --a------ C:\WINDOWS\system32\qfhepmcf.dll
2008-09-09 21:42 . 2008-09-09 21:42 284,672 --a------ C:\WINDOWS\system32\urqOfCsR.dll
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\WINDOWS\system32\wTR02
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-09 19:45 . 2008-09-09 19:45 34,816 --a------ C:\WINDOWS\system32\ssqNDsQj.dll
2008-09-09 19:45 . 2008-09-09 19:45 34,816 --a------ C:\WINDOWS\system32\ljJDWPfd.dll
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 19:16 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-30 19:16 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-30 19:15 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-30 19:14 --------- d-----w C:\Program Files\Lx_cats
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47836122-9D2E-476C-9763-B1D366F704E1}]
2008-09-09 19:45 34816 --a------ C:\WINDOWS\system32\ljJDWPfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BA6D27A-E1CB-41F6-8BD0-15E38064704B}]
2008-09-09 21:42 284672 --a------ C:\WINDOWS\system32\urqOfCsR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABDB597C-0677-4C39-B9AF-CA3382030190}]
2008-10-30 20:19 281600 --a------ C:\WINDOWS\system32\cbXOFxvT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bat Wave Base Dale"="C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe" [2008-07-18 4784640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"28a2f2bf"="C:\WINDOWS\system32\qpdrxbes.dll" [2008-10-30 71680]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{47836122-9D2E-476C-9763-B1D366F704E1}"= "C:\WINDOWS\system32\ljJDWPfd.dll" [2008-09-09 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDWPfd]
2008-09-09 19:45 34816 C:\WINDOWS\system32\ljJDWPfd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kvlymz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\cbXOFxvT

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{142f5552-4cf4-4113-9298-0e87ca7fd52d} - C:\WINDOWS\system32\ejvowd.dll
BHO-{8717A3F7-549A-4BED-A201-E8D01D3EF4EB} - C:\WINDOWS\system32\tuvUMeBu.dll
HKCU-Run-BM2b91c123 - C:\WINDOWS\system32\xxwnftyi.dll
HKLM-Run-AntiSpywareExpert - C:\Program Files\AntiSpywareExpert\ase.exe
HKLM-Run-BM2b91c123 - C:\WINDOWS\system32\xxwnftyi.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 20:14:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\qpdrxbes.dll
-> C:\WINDOWS\system32\cbXOFxvT.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-10-30 20:24:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-30 19:23:55

Pre-Run: 35 105 710 080 bytes free
Post-Run: 35,649,474,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

435 --- E O F --- 2008-08-27 09:08:49

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Bonjour,
me revoila
Voici le rapport
Merci pour votre aide....

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

31/10/2008 09:41:10
mbam-log-2008-10-31 (09-41-10).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 240292
Temps écoulé: 7 hour(s), 44 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 148

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXOFxvT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJDWPfd.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdwpfd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b5fe86c-d207-4ca9-8dbc-85ca51a144a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9b5fe86c-d207-4ca9-8dbc-85ca51a144a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7ba6d27a-e1cb-41f6-8bd0-15e38064704b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ba6d27a-e1cb-41f6-8bd0-15e38064704b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28a2f2bf (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bat wave base dale (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxofxvt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxofxvt -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJDWPfd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXOFxvT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TvxFOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TvxFOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpdrxbes.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sebxrdpq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\aepeutqd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\apdluudi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ayplpxmx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\byewuame.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cvrintre.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\daoclf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ersiyh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\euwhuuvf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fjnfix.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gdsmbi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\goglpp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gtieos.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hbhfcg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iupnhhrd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jdmootkv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kncfpa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxgwvgbc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mapycssd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\obqrohur.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pckxpj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qkkvrr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qnmmgh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qqxxzc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtoxfncd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sescxiev.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sfehlats.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\skkkqjtr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sydfve.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tgsmqxbn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tlncyvxh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujckbwgw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulitnfao.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wgurwj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wynpkc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xcgnsp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xmwxisau.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP194\A0072296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP197\A0075307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP197\A0075308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP201\A0078365.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP202\A0080365.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP202\A0081374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP203\A0081380.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP207\A0086401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0087401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0088410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0088411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0088413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0088414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP208\A0088418.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP209\A0088441.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0088464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0088465.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0088466.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0088467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0089414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP210\A0089415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP212\A0093413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP213\A0097413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP214\A0097474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP214\A0098468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP215\A0099468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP215\A0099469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP215\A0099470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102487.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102488.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102489.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP218\A0102490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP223\A0110468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP225\A0113468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP228\A0118483.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP228\A0118484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP229\A0123512.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP230\A0123530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP230\A0124493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP230\A0124504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP231\A0126492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0127492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128499.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128502.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP232\A0128507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP235\A0134541.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP235\A0134542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166293.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166325.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166330.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166333.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C82BE43-5BEA-4363-BEDB-E75C02DEAD79}\RP244\A0166336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgtsho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfwodcui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kglnwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmgcrogq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksptlwtp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kyxnqk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhsqkqhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfhbmnol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjwdfgeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qybjocww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfqrul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNDsQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttkamd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufueicrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqOfCsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjasmqdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Chevalier\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

Refais un scan Combofix  

Hello
Voici le raport
Merci

ComboFix 08-10-30.12 - Eric Chevalier 2008-10-31 14:00:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gyubbmng.dll
C:\WINDOWS\system32\nfmdff.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 10:19 . 2008-10-31 10:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 21:03 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-20 06:06 . 2008-09-20 06:06 221,184 --a------ C:\WINDOWS\system32\lsfmbphk.dll
2008-09-20 06:06 . 2008-09-20 06:06 108,544 --a------ C:\WINDOWS\system32\yayyAQhg.dll
2008-09-20 06:04 . 2008-09-20 06:04 95,744 --a------ C:\WINDOWS\system32\jyrwifew.dll
2008-09-19 06:06 . 2008-09-19 06:06 221,184 --a------ C:\WINDOWS\system32\pnsrbkts.dll
2008-09-19 06:06 . 2008-09-19 06:06 108,544 --a------ C:\WINDOWS\system32\iifcYSJd.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\moxpuwwr.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\csvrfnph.dll
2008-09-18 06:09 . 2008-09-18 06:09 221,184 --a------ C:\WINDOWS\system32\dipmoljs.dll
2008-09-18 06:09 . 2008-09-18 06:09 108,544 --a------ C:\WINDOWS\system32\awttsPFv.dll
2008-09-18 06:03 . 2008-09-18 06:03 95,744 --a------ C:\WINDOWS\system32\swfgjgsn.dll
2008-09-15 06:01 . 2008-09-15 06:01 95,744 --a------ C:\WINDOWS\system32\cirnncvu.dll
2008-09-10 11:36 . 2008-09-10 11:36 67,984 --a------ C:\WINDOWS\system32\ewvxiige.dll
2008-09-10 00:51 . 2008-09-10 00:51 69,436 --a------ C:\WINDOWS\system32\mhybxbvu.dll
2008-09-09 21:43 . 2008-09-09 21:43 66,532 --a------ C:\WINDOWS\system32\qfhepmcf.dll
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 13:04 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-31 08:47 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-31 08:45 --------- d-----w C:\Program Files\Lx_cats
2008-10-31 08:45 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_20.22.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-31 08:46:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_428.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kvlymz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{10a76f59-30e4-4a4c-a434-a7c3161d730a} - C:\WINDOWS\system32\nfmdff.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 14:04:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-10-31 14:06:44
ComboFix-quarantined-files.txt 2008-10-31 13:06:40
ComboFix2.txt 2008-10-30 19:24:26

Pre-Run: 35 984 961 536 bytes free
Post-Run: 36,028,293,120 bytes free

213 --- E O F --- 2008-08-27 09:08:49

Re,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :


Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer

Hello
voici les 2 rapports
CONBOFIX:

ComboFix 08-10-30.13 - Eric Chevalier 2008-10-31 17:13:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eric Chevalier\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\awttsPFv.dll
C:\WINDOWS\system32\cirnncvu.dll
C:\WINDOWS\system32\csvrfnph.dll
C:\WINDOWS\system32\dipmoljs.dll
C:\WINDOWS\system32\ewvxiige.dll
C:\WINDOWS\system32\iifcYSJd.dll
C:\WINDOWS\system32\jyrwifew.dll
C:\WINDOWS\system32\lsfmbphk.dll
C:\WINDOWS\system32\mhybxbvu.dll
C:\WINDOWS\system32\moxpuwwr.dll
C:\WINDOWS\system32\pnsrbkts.dll
C:\WINDOWS\system32\qfhepmcf.dll
C:\WINDOWS\system32\swfgjgsn.dll
C:\WINDOWS\system32\yayyAQhg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awttsPFv.dll
C:\WINDOWS\system32\cirnncvu.dll
C:\WINDOWS\system32\csvrfnph.dll
C:\WINDOWS\system32\dipmoljs.dll
C:\WINDOWS\system32\ewvxiige.dll
C:\WINDOWS\system32\iifcYSJd.dll
C:\WINDOWS\system32\jyrwifew.dll
C:\WINDOWS\system32\lsfmbphk.dll
C:\WINDOWS\system32\mhybxbvu.dll
C:\WINDOWS\system32\moxpuwwr.dll
C:\WINDOWS\system32\pnsrbkts.dll
C:\WINDOWS\system32\qfhepmcf.dll
C:\WINDOWS\system32\swfgjgsn.dll
C:\WINDOWS\system32\yayyAQhg.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 21:03 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 16:12 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-31 15:03 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-31 13:13 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-31 13:11 --------- d-----w C:\Program Files\Lx_cats
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_20.22.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-31 13:12:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_340.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 17:15:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-10-31 17:18:06
ComboFix-quarantined-files.txt 2008-10-31 16:18:03
ComboFix2.txt 2008-10-31 13:06:46
ComboFix3.txt 2008-10-30 19:24:26

Pre-Run: 35 964 059 648 bytes free
Post-Run: 35,988,561,920 bytes free

203 --- E O F --- 2008-08-27 09:08:49



et le HIJACKTHIS ( Merci)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:05, on 31/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10743 bytes

Encore des soucis ?

Non ca a l'air de bien aller, plus d'icone de 3 antispywareexpert et le PC a l'ai + rapide
Est ce ok de votre coté ?
En tout cas mille merci pour votre bon boulot
Dois-je supprimer les differents software installés ?
merci

Apparemment ok  

Mille merci et tres bon boulot
Bonne continuation
Bravo
Bonsoir

Bon surf.