antinul.vbe

J'ai moi aussi chopper ce virus.
j'ai fix à l'aide de hijackthis les lignes suivantes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

quand je rescan avec hijack, elles ne réapparaissent plus, pourtant je n'ai toujours pas accès aux options des dossiers, ni à la base de registre.
Pouvez vous m'aider? svp

oui excuse moi Bonjour, enfin re.
désolé de répondre si tard mais je travaillais pendant toute l'après midi.
Voilà mon rapport hijachthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:41, on 31/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Movie Maker\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navis\Bureau\bzker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
R3 - URLSearchHook: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {185060A5-65B5-4E2B-A5D9-0C568652F6BC} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {22691D83-B4A5-454B-BD1B-08D712ED4425} - (no file)
O2 - BHO: (no name) - {47AE2127-E6AC-43CB-92DF-0F9593998AE2} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6F790782-0FC8-4DDE-BB15-4EFF77DDFEC9} - (no file)
O2 - BHO: (no name) - {73D6C42A-4B8B-4A49-A79F-A7C498ED3372} - (no file)
O2 - BHO: (no name) - {75F8A2EC-E41B-428D-90DE-8B60CFADD7E4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: (no name) - {B5AD7EFF-8082-4EAE-908B-9A4680475788} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [internet_explorer] C:\Program Files\Movie Maker\explorer.exe
O4 - HKCU\..\Run: [msn] C:\Program Files\Movie Maker\explorer.exe
O4 - HKCU\..\Run: [anti-virus 2007] D:\explorer.exe
O4 - HKCU\..\Run: [Mp3 player] C:\Documents and Settings\All Users\Favorites\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6705E-7710-4252-BD98-E7C65731FC7A}: NameServer = 81.253.149.1 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvSjHYr - tuvSjHYr.dll (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe
O23 - Service: SearchInOneStep Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchInOneStep\searchin1.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 10727 bytes

j'ai suivi vos instructions et voilà le rapport ComboFix :

ComboFix 08-10-30.13 - Navis 2008-10-31 20:40:48.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.653 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Navis\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\explorer.exe
.
---- Previous Run -------
.
C:\Program Files\Internet Explorer\explorer.exe
C:\Program Files\windows
C:\Program Files\windows\system\vsinit.dll
C:\Program Files\windows\system32\vsinit.dll
C:\WINDOWS\system32\aGQrAccf.ini
C:\WINDOWS\system32\aGQrAccf.ini2
C:\WINDOWS\system32\CKkjQXbc.ini
C:\WINDOWS\system32\CKkjQXbc.ini2
C:\WINDOWS\system32\GMorBcfe.ini
C:\WINDOWS\system32\GMorBcfe.ini2
C:\WINDOWS\system32\MmmSYJjl.ini
C:\WINDOWS\system32\MmmSYJjl.ini2
C:\WINDOWS\system32\MWDMUvut.ini
C:\WINDOWS\system32\MWDMUvut.ini2
C:\WINDOWS\system32\oUDMnnnn.ini
C:\WINDOWS\system32\oUDMnnnn.ini2
C:\WINDOWS\system32\winubg32.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_new_drv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-31 ))))))))))))))))))))))))))))))))))))
.

2008-10-31 20:25 . 2008-10-31 20:25 <REP> d-------- C:\WINDOWS\LastGood
2008-10-30 18:29 . 2008-10-30 18:31 <REP> d-------- C:\Program Files\EMCO MoveOnBoot
2008-10-28 19:13 . 2008-10-28 19:13 13,036 -rahs---- C:\WINDOWS\system32\antinul.vbe
2008-10-26 12:12 . 2008-10-30 20:07 <REP> d-------- C:\Documents and Settings\Navis\Application Data\skypePM
2008-10-26 12:12 . 2008-10-26 12:12 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-26 12:11 . 2008-10-30 21:32 <REP> d-------- C:\Documents and Settings\Navis\Application Data\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Program Files\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-25 11:50 . 2008-10-25 11:50 <REP> d-------- C:\Program Files\SearchIn1Step
2008-10-13 22:38 . 2008-10-30 22:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-13 22:38 . 2008-10-13 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-12 12:09 . 2008-10-12 12:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-10-12 12:09 . 2005-02-24 13:10 2,084,864 --a------ C:\WINDOWS\system32\AudDesign.dll
2008-10-12 12:09 . 2005-03-11 18:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-10-12 12:09 . 2005-02-24 13:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-10-12 12:09 . 2005-02-24 13:11 479,232 --a------ C:\WINDOWS\system32\AudioVisu.dll
2008-10-12 12:09 . 2005-02-24 16:21 458,752 --a------ C:\WINDOWS\system32\AudPlayer.dll
2008-10-12 12:09 . 2005-03-10 17:00 454,656 --a------ C:\WINDOWS\system32\AudioRecord.dll
2008-10-12 12:09 . 2005-02-24 13:10 417,792 --a------ C:\WINDOWS\system32\AudDisplay.dll
2008-10-12 12:09 . 2005-02-24 12:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-10-12 12:09 . 2003-08-07 16:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-10-12 12:09 . 2005-01-10 13:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-10-12 12:03 . 2008-10-14 16:53 <REP> d-------- C:\Program Files\SearchInOneStep
2008-09-18 19:40 . 2008-10-30 21:58 <REP> d-------- C:\Documents and Settings\Navis\Application Data\foobar2000
2008-09-18 19:39 . 2008-09-18 19:40 <REP> d-------- C:\Program Files\foobar2000

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 11:41 --------- d-----w C:\Program Files\eMule
2008-10-31 10:18 --------- d-----w C:\Program Files\WinamaxPoker
2008-10-30 20:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-29 19:03 43,356,421 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-28 20:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-10-14 08:46 --------- d-----w C:\Program Files\Java
2008-10-12 10:49 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-09 20:44 --------- d-----w C:\Documents and Settings\Navis\Application Data\OpenOffice.org2
2008-08-29 11:24 --------- d-----w C:\Program Files\Ludiclub
2008-07-13 08:53 25,600 ----a-w C:\WINDOWS\system32\vtUmJcDv.dll
2008-07-13 08:53 25,600 ----a-w C:\WINDOWS\system32\ssqRkLdB.dll
2008-07-13 08:53 25,600 ----a-w C:\WINDOWS\system32\geBtSIcC.dll
2008-07-13 08:53 25,600 ----a-w C:\WINDOWS\system32\geBrrQiJ.dll
2008-07-13 08:53 25,600 ----a-w C:\WINDOWS\system32\efcBtrpm.dll
2006-10-28 11:05 119 -c--a-w C:\Program Files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"internet_explorer"="C:\Program Files\Movie Maker\explorer.exe" [2008-10-10 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 7323648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-23 995328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AlertInfo\\AlertInfo.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SearchInOneStep Service;SearchInOneStep Service;C:\Program Files\SearchInOneStep\searchin1.exe C:\Program Files\SearchInOneStep\searchin1.dll Service [ ]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2005-09-05 44160]
S2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-03-17 446464]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S2 SearchIn1Step Service;SearchIn1Step Service;C:\Program Files\SearchIn1Step\searchin1.exe C:\Program Files\SearchIn1Step\searchin1.dll Service [ ]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7b3873-6dc0-11db-ac3a-0090d03f028a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428bdb67-c2d1-11dc-adbb-0090d03f028a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91618563-bd37-11db-acac-0090d03f028a}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-10 16:26]

2006-06-02 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-05 12:00]

2008-10-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
BHO-{22691D83-B4A5-454B-BD1B-08D712ED4425} - (no file)
BHO-{47AE2127-E6AC-43CB-92DF-0F9593998AE2} - (no file)
BHO-{6F790782-0FC8-4DDE-BB15-4EFF77DDFEC9} - (no file)
BHO-{73D6C42A-4B8B-4A49-A79F-A7C498ED3372} - (no file)
BHO-{75F8A2EC-E41B-428D-90DE-8B60CFADD7E4} - (no file)
BHO-{B5AD7EFF-8082-4EAE-908B-9A4680475788} - (no file)
BHO-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
Toolbar-{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
WebBrowser-{D9C9A8C9-460D-4343-888E-AE02BCC3CE57} - (no file)
HKCU-Run-anti-virus 2007 - D:\explorer.exe
HKCU-Run-Mp3 player - C:\Documents and Settings\All Users\Favorites\explorer.exe
Notify-tuvSjHYr - tuvSjHYr.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Navis\Application Data\Mozilla\Firefox\Profiles\4f0ba18a.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 20:41:56
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-10-31 20:42:40
ComboFix-quarantined-files.txt 2008-10-31 19:42:37

Avant-CF: 30,899,777,536 octets libres
Après-CF: 30,888,116,224 octets libres

182 --- E O F --- 2008-07-12 09:10:00

voilà le rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:01, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Movie Maker\explorer.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Satsuki Decoder Pack\mpc\mplayerc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navis\Bureau\bzker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [internet_explorer] C:\Program Files\Movie Maker\explorer.exe
O4 - HKCU\..\Run: [msn] C:\Program Files\Movie Maker\explorer.exe
O4 - HKCU\..\Run: [anti-virus 2007] D:\explorer.exe
O4 - HKCU\..\Run: [Mp3 player] C:\Documents and Settings\All Users\Favorites\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6705E-7710-4252-BD98-E7C65731FC7A}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe
O23 - Service: SearchInOneStep Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchInOneStep\searchin1.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 10044 bytes

je n'ai qu'un anitvirus : avats.

j'ai suivi vos instructions, voilà le rapport Combofix :

ComboFix 08-10-31.02 - Navis 2008-11-01 15:14:53.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.677 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Navis\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Navis\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Program Files\Movie Maker\explorer.exe
C:\WINDOWS\system32\efcBtrpm.dll
C:\WINDOWS\system32\geBrrQiJ.dll
C:\WINDOWS\system32\geBtSIcC.dll
C:\WINDOWS\system32\ssqRkLdB.dll
C:\WINDOWS\system32\vtUmJcDv.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\explorer.exe
C:\Program Files\Movie Maker\explorer.exe
C:\WINDOWS\system32\antinul.vbe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
.

2008-10-31 21:09 . 2008-11-01 00:48 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-30 18:29 . 2008-10-30 18:31 <REP> d-------- C:\Program Files\EMCO MoveOnBoot
2008-10-26 12:12 . 2008-10-30 20:07 <REP> d-------- C:\Documents and Settings\Navis\Application Data\skypePM
2008-10-26 12:12 . 2008-10-26 12:12 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-26 12:11 . 2008-10-30 21:32 <REP> d-------- C:\Documents and Settings\Navis\Application Data\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Program Files\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-25 11:50 . 2008-10-25 11:50 <REP> d-------- C:\Program Files\SearchIn1Step
2008-10-13 22:38 . 2008-11-01 14:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-13 22:38 . 2008-10-13 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-12 12:09 . 2008-10-12 12:09 <REP> d-------- C:\Program Files\Free Audio Pack
2008-10-12 12:09 . 2005-02-24 13:10 2,084,864 --a------ C:\WINDOWS\system32\AudDesign.dll
2008-10-12 12:09 . 2005-03-11 18:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-10-12 12:09 . 2005-02-24 13:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-10-12 12:09 . 2005-02-24 13:11 479,232 --a------ C:\WINDOWS\system32\AudioVisu.dll
2008-10-12 12:09 . 2005-02-24 16:21 458,752 --a------ C:\WINDOWS\system32\AudPlayer.dll
2008-10-12 12:09 . 2005-03-10 17:00 454,656 --a------ C:\WINDOWS\system32\AudioRecord.dll
2008-10-12 12:09 . 2005-02-24 13:10 417,792 --a------ C:\WINDOWS\system32\AudDisplay.dll
2008-10-12 12:09 . 2005-02-24 12:51 348,160 --a------ C:\WINDOWS\system32\WMAFile.dll
2008-10-12 12:09 . 2003-08-07 16:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-10-12 12:09 . 2005-01-10 13:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-10-12 12:03 . 2008-10-14 16:53 <REP> d-------- C:\Program Files\SearchInOneStep

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 13:00 --------- d-----w C:\Program Files\WinamaxPoker
2008-10-31 22:43 --------- d-----w C:\Program Files\eMule
2008-10-30 20:58 --------- d-----w C:\Documents and Settings\Navis\Application Data\foobar2000
2008-10-30 20:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-28 20:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-10-14 08:46 --------- d-----w C:\Program Files\Java
2008-10-09 20:44 --------- d-----w C:\Documents and Settings\Navis\Application Data\OpenOffice.org2
2008-09-18 18:40 --------- d-----w C:\Program Files\foobar2000
2006-10-28 11:05 119 -c--a-w C:\Program Files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-31_20.42.19.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 11:00:41 10,213,404 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-11-01 11:00:56 10,244,586 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-11-01 14:18:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"anti-virus 2007"="D:\explorer.exe" [BU]
"Mp3 player"="C:\Documents and Settings\All Users\Favorites\explorer.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 7323648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-23 995328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AlertInfo\\AlertInfo.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-03-17 446464]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SearchInOneStep Service;SearchInOneStep Service;C:\Program Files\SearchInOneStep\searchin1.exe C:\Program Files\SearchInOneStep\searchin1.dll Service [ ]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2005-09-05 44160]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S2 SearchIn1Step Service;SearchIn1Step Service;C:\Program Files\SearchIn1Step\searchin1.exe C:\Program Files\SearchIn1Step\searchin1.dll Service [ ]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7b3873-6dc0-11db-ac3a-0090d03f028a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428bdb67-c2d1-11dc-adbb-0090d03f028a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91618563-bd37-11db-acac-0090d03f028a}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-10 16:26]

2006-06-02 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-05 12:00]

2008-11-01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 15:19:07
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-01 15:26:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-01 14:26:15
ComboFix2.txt 2008-10-31 19:42:41

Avant-CF: 28 366 999 552 octets libres
Après-CF: 28,353,855,488 octets libres

161 --- E O F --- 2008-07-12 09:10:00


et voilà le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:08, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navis\Bureau\bzker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [anti-virus 2007] D:\explorer.exe
O4 - HKCU\..\Run: [Mp3 player] C:\Documents and Settings\All Users\Favorites\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6705E-7710-4252-BD98-E7C65731FC7A}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe
O23 - Service: SearchInOneStep Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchInOneStep\searchin1.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 9457 bytes

bonjour,
désolé de répondre si tard mais j'ai été pas mal occupé en ce moment. J'ai effectué un examen complet avec MalwareByte's Anti-malware, il a supprimé des infections et voilà le rapport :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1368
Windows 5.1.2600 Service Pack 2

05/11/2008 17:53:31
mbam-log-2008-11-05 (17-53-31).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 127076
Temps écoulé: 48 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1089\A0427966.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1089\A0427967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1089\A0427968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1089\A0427969.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1089\A0427970.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Voilà le rapport hijack this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:16, on 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navis\Bureau\bzker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [anti-virus 2007] D:\explorer.exe
O4 - HKCU\..\Run: [Mp3 player] C:\Documents and Settings\All Users\Favorites\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6705E-7710-4252-BD98-E7C65731FC7A}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe
O23 - Service: SearchInOneStep Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchInOneStep\searchin1.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 9601 bytes

Re,
j'ai suivi les instructions et voilà le rapport combofix :

ComboFix 08-11-05.02 - Navis 2008-11-06 19:11:01.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.634 [GMT 1:00]
Lancé depuis: c:\documents and settings\Navis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Navis\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\All Users\Favorites\explorer.exe
D:\explorer.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-06 au 2008-11-06 ))))))))))))))))))))))))))))))))))))
.

2008-11-05 16:59 . 2008-11-05 16:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 16:59 . 2008-11-05 16:59 <REP> d-------- c:\documents and settings\Navis\Application Data\Malwarebytes
2008-11-05 16:59 . 2008-11-05 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 16:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 16:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-31 21:09 . 2008-11-01 00:48 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-10-31 20:26 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-10-30 18:29 . 2008-10-30 18:31 <REP> d-------- c:\program files\EMCO MoveOnBoot
2008-10-26 12:12 . 2008-10-30 20:07 <REP> d-------- c:\documents and settings\Navis\Application Data\skypePM
2008-10-26 12:12 . 2008-10-26 12:12 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-26 12:11 . 2008-10-30 21:32 <REP> d-------- c:\documents and settings\Navis\Application Data\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- c:\program files\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-10-26 12:10 . 2008-10-26 12:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-25 11:50 . 2008-10-25 11:50 <REP> d-------- c:\program files\SearchIn1Step
2008-10-13 22:38 . 2008-11-04 00:58 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-13 22:38 . 2008-10-13 22:38 1,409 --a------ c:\windows\QTFont.for
2008-10-12 12:09 . 2008-10-12 12:09 <REP> d-------- c:\program files\Free Audio Pack
2008-10-12 12:09 . 2005-02-24 13:10 2,084,864 --a------ c:\windows\system32\AudDesign.dll
2008-10-12 12:09 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\system32\AudFile.dll
2008-10-12 12:09 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll
2008-10-12 12:09 . 2005-02-24 13:11 479,232 --a------ c:\windows\system32\AudioVisu.dll
2008-10-12 12:09 . 2005-02-24 16:21 458,752 --a------ c:\windows\system32\AudPlayer.dll
2008-10-12 12:09 . 2005-03-10 17:00 454,656 --a------ c:\windows\system32\AudioRecord.dll
2008-10-12 12:09 . 2005-02-24 13:10 417,792 --a------ c:\windows\system32\AudDisplay.dll
2008-10-12 12:09 . 2005-02-24 12:51 348,160 --a------ c:\windows\system32\WMAFile.dll
2008-10-12 12:09 . 2003-08-07 16:01 237,568 --a------ c:\windows\system32\lame_enc.dll
2008-10-12 12:09 . 2005-01-10 13:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx
2008-10-12 12:03 . 2008-10-14 16:53 <REP> d-------- c:\program files\SearchInOneStep

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 07:53 --------- d-----w c:\program files\eMule
2008-11-05 18:30 --------- d-----w c:\program files\WinamaxPoker
2008-11-01 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-30 20:58 --------- d-----w c:\documents and settings\Navis\Application Data\foobar2000
2008-10-30 20:08 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-29 19:03 43,356,421 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-28 20:19 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 08:46 --------- d-----w c:\program files\Java
2008-10-12 10:49 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-09 20:44 --------- d-----w c:\documents and settings\Navis\Application Data\OpenOffice.org2
2008-09-18 18:40 --------- d-----w c:\program files\foobar2000
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-19 09:38 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-08-14 13:39 2,188,032 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 13:39 2,144,768 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:39 2,144,768 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 13:39 2,065,024 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 13:39 2,022,912 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 13:39 2,022,912 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2008-08-14 09:51 138,368 ------w c:\windows\system32\dllcache\afd.sys
2006-10-28 11:05 119 -c--a-w c:\program files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-31_20.42.19.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:18:27 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-08-20 05:10:12 3,088,896 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
+ 2008-08-20 05:10:11 1,499,648 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\shdocvw.dll
+ 2008-08-20 05:10:11 620,544 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\urlmon.dll
+ 2008-08-20 05:10:11 670,208 ----a-w c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
+ 2008-08-20 05:07:31 3,088,896 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 05:07:27 1,499,648 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 05:07:28 621,056 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 05:07:28 670,720 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
- 2007-09-27 18:02:31 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-01 15:06:23 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2007-09-27 18:02:31 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-11-01 15:03:29 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2007-02-28 16:08:15 2,139,648 -c----w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:39:07 2,144,768 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 16:08:25 2,061,440 -c----w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:39:12 2,065,024 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 16:08:11 2,019,328 -c----w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:39:03 2,022,912 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 16:08:21 2,184,192 -c----w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 13:39:11 2,188,032 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2006-10-26 17:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 17:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 14:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OGL.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 04:00:34 1,767,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL
+ 2007-08-24 04:00:48 72,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 19:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 13:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 13:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 13:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 18:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 18:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 18:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 18:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 18:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 13:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 18:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 18:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 18:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 18:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 18:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 18:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 13:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 18:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 13:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 17:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 19:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-26 18:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 17:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 12:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 17:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 13:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 18:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 18:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 18:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 13:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 13:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 13:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 19:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-26 17:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 13:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 19:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 11:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 12:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 18:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 19:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 18:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 11:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 17:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 11:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 18:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 13:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 18:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 18:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 18:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 18:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 18:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-26 18:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-26 16:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 13:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 19:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 13:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 13:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2007-09-27 18:02:31 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 17:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 19:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 18:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 18:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 19:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 13:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 12:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-09-29 22:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 20:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2007-09-27 18:02:31 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-10-02 18:51:22 8,436,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-11-01 15:03:40 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PPTPIA.DLL
- 2008-07-09 15:01:33 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-01 15:10:04 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-09 15:01:34 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-01 15:10:04 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-09 15:01:33 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-01 15:10:04 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-07-09 15:01:34 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-01 15:10:04 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-09 15:01:34 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-01 15:10:04 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-09 15:01:34 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-01 15:10:04 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-09 15:01:34 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-01 15:10:04 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-09 15:01:34 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-01 15:10:04 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-09 15:01:34 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-01 15:10:04 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-09 15:01:34 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-01 15:10:04 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-09 15:01:33 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-01 15:10:04 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-14 15:01:09 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-11-01 15:09:07 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-09-27 17:58:44 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2008-11-01 15:05:34 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
- 2008-04-21 06:57:16 1,024,512 ----a-w c:\windows\system32\browseui.dll
+ 2008-08-20 05:33:47 1,024,512 ----a-w c:\windows\system32\browseui.dll
- 2008-04-21 06:57:16 152,064 ----a-w c:\windows\system32\cdfview.dll
+ 2008-08-20 05:33:44 152,064 ----a-w c:\windows\system32\cdfview.dll
- 2008-04-21 06:57:17 1,056,768 ----a-w c:\windows\system32\danim.dll
+ 2008-08-20 05:33:44 1,056,768 ----a-w c:\windows\system32\danim.dll
- 2008-04-21 06:57:16 1,024,512 ------w c:\windows\system32\dllcache\browseui.dll
+ 2008-08-20 05:33:47 1,024,512 ------w c:\windows\system32\dllcache\browseui.dll
- 2008-04-21 06:57:16 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
+ 2008-08-20 05:33:44 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
- 2008-04-21 06:57:17 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
+ 2008-08-20 05:33:44 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
- 2008-04-21 06:57:17 357,888 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:33:45 357,888 ------w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-21 06:57:18 205,312 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:33:45 205,312 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:31:48 253,952 ------w c:\windows\system32\dllcache\es.dll
- 2008-04-21 06:57:18 55,808 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-20 05:33:45 55,808 ------w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-21 06:57:18 251,904 ------w c:\windows\system32\dllcache\iepeers.dll
+ 2008-08-20 05:33:45 251,904 ------w c:\windows\system32\dllcache\iepeers.dll
- 2007-08-21 06:17:23 683,520 ------w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ------w c:\windows\system32\dllcache\inetcomm.dll
- 2008-04-21 06:57:18 96,768 ------w c:\windows\system32\dllcache\inseng.dll
+ 2008-08-20 05:33:45 96,768 ------w c:\windows\system32\dllcache\inseng.dll
- 2008-04-21 06:57:18 16,384 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:33:46 16,384 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:56 74,240 ------w c:\windows\system32\dllcache\mscms.dll
- 2008-04-21 06:57:22 3,087,872 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-20 05:33:48 3,088,384 ------w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-21 06:57:22 449,024 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:33:46 449,024 ------w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-21 06:57:23 146,432 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-20 05:33:45 146,432 ------w c:\windows\system32\dllcache\msrating.dll
- 2008-04-21 06:57:23 532,480 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-20 05:33:45 532,480 ------w c:\windows\system32\dllcache\mstime.dll
- 2008-04-21 06:57:23 39,424 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:33:45 39,424 ------w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-21 06:57:25 1,499,648 ------w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:33:46 1,499,648 ------w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-21 06:57:26 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:33:46 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-21 06:57:26 620,544 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:33:47 621,056 ------w c:\windows\system32\dllcache\urlmon.dll
- 2008-04-21 06:57:27 670,720 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:33:46 671,744 ------w c:\windows\system32\dllcache\wininet.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-04-21 06:57:17 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:33:45 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-04-21 06:57:18 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-20 05:33:45 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:57 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w c:\windows\system32\es.dll
- 2008-04-21 06:57:18 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-20 05:33:45 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2006-10-26 12:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2007-08-23 00:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2008-04-09 16:00:05 298,848 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-02 21:45:57 298,848 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-21 06:57:18 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-20 05:33:45 251,904 ----a-w c:\windows\system32\iepeers.dll
- 2007-08-21 06:17:23 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2008-04-21 06:57:18 96,768 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-20 05:33:45 96,768 ----a-w c:\windows\system32\inseng.dll
- 2008-04-21 06:57:18 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-20 05:33:46 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w c:\windows\system32\MRT.exe
+ 2008-10-07 11:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
- 2005-06-29 01:49:41 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w c:\windows\system32\mscms.dll
- 2008-04-21 06:57:22 3,087,872 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-20 05:33:48 3,088,384 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-21 06:57:22 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-20 05:33:46 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-04-21 06:57:23 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-20 05:33:45 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-04-21 06:57:23 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-20 05:33:45 532,480 ----a-w c:\windows\system32\mstime.dll
- 2006-08-17 12:29:49 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:59:28 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-21 06:57:23 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-20 05:33:45 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-21 06:57:25 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-08-20 05:33:46 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
- 2008-04-21 06:57:26 474,624 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-08-20 05:33:46 474,624 ----a-w c:\windows\system32\shlwapi.dll
- 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-04-21 06:57:26 620,544 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-20 05:33:47 621,056 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-21 06:57:27 670,720 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-20 05:33:46 671,744 ----a-w c:\windows\system32\wininet.dll
- 2008-04-17 11:03:45 370,176 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-08-19 09:51:37 370,176 ----a-w c:\windows\system32\xpsp3res.dll
- 2008-10-28 11:00:41 10,213,404 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-11-01 11:00:56 10,244,586 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2008-10-14 15:53:24 23,923,712 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2008-11-04 13:32:37 23,944,192 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
- 2008-10-31 19:18:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat
+ 2008-11-05 16:54:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat
+ 2007-08-22 23:18:08 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2007-08-22 23:18:08 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-08-22 23:18:08 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2007-08-22 23:18:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2007-08-22 23:18:08 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2007-08-22 23:18:08 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2007-08-22 23:18:08 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-22 23:18:08 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-22 23:18:08 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-22 23:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-22 23:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-03-23 995328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AlertInfo\\AlertInfo.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2004-03-12 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-03-17 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SearchInOneStep Service;SearchInOneStep Service;c:\program files\SearchInOneStep\searchin1.exe c:\program files\SearchInOneStep\searchin1.dll Service [ ]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2005-09-05 44160]
S2 FILESpy;FILESpy;c:\program files\Softwin\BitDefender9\filespy.sys [ ]
S2 SearchIn1Step Service;SearchIn1Step Service;c:\program files\SearchIn1Step\searchin1.exe c:\program files\SearchIn1Step\searchin1.dll Service [ ]
S3 ids00026;ids00026;c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
S3 klstm;klstm;c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 usbscan;Pilote de scanneur USB;c:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7b3873-6dc0-11db-ac3a-0090d03f028a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428bdb67-c2d1-11dc-adbb-0090d03f028a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91618563-bd37-11db-acac-0090d03f028a}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-31 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-12-10 16:26]

2006-06-02 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]

2008-11-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 19:13:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-06 19:14:35
ComboFix-quarantined-files.txt 2008-11-06 18:14:20
ComboFix2.txt 2008-11-01 14:26:20
ComboFix3.txt 2008-10-31 19:42:41

Avant-CF: 24 436 502 528 octets libres
Après-CF: 24,423,833,600 octets libres

441 --- E O F --- 2008-11-01 15:10:12


et le rapport hijachthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:23, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SearchInOneStep\searchin1.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Navis\Bureau\bzker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6705E-7710-4252-BD98-E7C65731FC7A}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe
O23 - Service: SearchInOneStep Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchInOneStep\searchin1.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 9268 bytes

dans l'attende de votre réponse, merci pour votre aide.