[RESOLU]...Help! Mon ordi est truffé de virus...

Voici également le rapport Combofix si ça peut aider :

ComboFix 08-11-01.06 - Administrateur 2008-11-02 16:41:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.285 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://youtube-special.idoo.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 ))))))))))))))))))))))))))))))))))))
.

2008-11-02 12:42 . 2008-11-02 12:57 <REP> d-------- C:\MSNFix
2008-11-02 12:20 . 2008-11-02 12:20 <REP> d-------- C:\Program Files\AxBx
2008-11-02 11:49 . 2008-11-02 11:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- C:\Program Files\Yahoo!
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- C:\Program Files\CCleaner
2008-11-02 11:20 . 2008-11-02 11:20 <REP> d-------- C:\Program Files\Trend Micro
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- C:\Program Files\Lavasoft
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-11-01 13:42 . 2008-11-01 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-30 21:44 . 2008-10-30 21:44 33,792 --a------ C:\WINDOWS\system32\qoMfcDuu.dll
2008-10-30 21:44 . 2008-10-30 21:44 33,792 --a------ C:\WINDOWS\system32\ddcCUlLB.dll
2008-10-23 18:19 . 2008-10-23 18:19 28,616 --a------ C:\RECUP.DOC
2008-10-18 10:43 . 2008-10-18 10:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\NewsLeecher
2008-10-15 16:26 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-10 21:49 . 2008-10-10 21:49 <REP> d-------- C:\Program Files\Xtreme Desktop
2008-10-10 21:49 . 2002-11-22 12:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-10-10 21:49 . 1998-06-17 23:00 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 15:37 --------- d-----w C:\Program Files\SuperCopier2
2008-11-02 15:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MegauploadToolbar
2008-11-02 11:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-11-02 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 12:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-25 20:01 --------- d-----w C:\Program Files\MediaCoder
2008-10-23 12:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-10-18 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-17 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-10 20:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 18:52 --------- d-----w C:\Program Files\WinTV
2008-09-24 19:47 --------- d-----w C:\Program Files\vtplus
2008-09-24 19:47 --------- d-----w C:\Program Files\Fichiers communs\IviSDK
2008-09-18 16:10 --------- d-----w C:\Program Files\Picasa2
2008-09-15 20:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DivX
2008-09-15 20:16 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2008-09-15 20:16 --------- d-----w C:\Program Files\AC3Filter
2008-09-15 20:15 21,764 ----a-w C:\WINDOWS\system32\CoreAAC-uninstall.exe
2008-09-15 20:13 --------- d-----w C:\Program Files\DivX
2008-09-15 20:12 --------- d-----w C:\Program Files\Ripp-It Codec Pack
2008-09-15 19:55 --------- d-----w C:\Program Files\Ripp-it_AM
2008-09-15 19:34 --------- d-----w C:\Program Files\AviSynth 2.5
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 21:32 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FileZilla
2008-09-13 21:05 --------- d-----w C:\Program Files\LeechFTP
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F7FF51E-FD7C-498C-BAEF-603257FE4475}]
2008-10-30 21:44 33792 --a------ C:\WINDOWS\system32\ddcCUlLB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"EnvyHFCPL"="C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe" [2004-10-14 3893248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-14 91432]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"PC Auto Shutdown"="C:\Program Files\PC Auto Shutdown\AutoShutdown.exe" [2007-09-15 1392728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-28 2512128]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"VaCtrl"="C:\Program Files\VoiceAge\Common\VaCtrl.exe" [2003-08-28 90112]
"EPGServiceTool"="C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-09-24 110647]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-01 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9F7FF51E-FD7C-498C-BAEF-603257FE4475}"= "C:\WINDOWS\system32\ddcCUlLB.dll" [2008-10-30 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCUlLB]
2008-10-30 21:44 33792 C:\WINDOWS\system32\ddcCUlLB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.VaAcelpNet"= VaAcelpNet.acm
"msacm.VaAmrNbF"= VaAmrNbF.acm
"msacm.VaAmrNbV"= VaAmrNbV.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\WINDOWS\\system32\\HPZipm12.exe"=
"C:\\WINDOWS\\system32\\HPZinw12.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LeechFTP\\Leechftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24 41456]
R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2008-05-30 437248]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;C:\Program Files\PC Auto Shutdown\ShutdownService.exe [2007-09-14 461928]
R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-10-15 575424]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-10-03 484736]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-10-03 38656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f64147-4421-11dd-99c0-0018f3a76fdf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f6cab-6c49-11dd-9a11-0018f3a76fdf}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b20df4-4785-11dd-99c8-0018f3a76fdf}]
\Shell\AutoRun\command - L:\WD_Windows_Tools\Setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\wa06dmpl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.Fr
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 16:43:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcCUlLB.dll
.
Heure de fin: 2008-11-02 16:44:35
ComboFix-quarantined-files.txt 2008-11-02 15:44:32
ComboFix2.txt 2008-11-02 12:23:24

Avant-CF: 24 922 140 672 octets libres
Après-CF: 24,912,195,584 octets libres

211 --- E O F --- 2008-10-25 21:34:23

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Bonjour et merci pour ta réponse,

Voici le rapport malwarebyte :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1357
Windows 5.1.2600 Service Pack 3

03/11/2008 17:47:15
mbam-log-2008-11-03 (17-47-15).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 135218
Temps écoulé: 5 hour(s), 31 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ddcCUlLB.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f7ff51e-fd7c-498c-baef-603257fe4475} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccullb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9f7ff51e-fd7c-498c-baef-603257fe4475} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9f7ff51e-fd7c-498c-baef-603257fe4475} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9f7ff51e-fd7c-498c-baef-603257fe4475} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ddcCUlLB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMfcDuu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\LOGS\change key windows\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{A6619D12-6DC7-447E-811E-ECE218927249}\RP3\A0000102.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
I:\PILOTES\nero\keygen Nero-8.3.2.1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Refais un scan Combofix  

Merci de ton aide!

Juste un truc, pdt le scan antivir me trouve "Eicar-Test-Signature [virus]" dans c:\combofix... c'est normal?

Voici le scan combofix :

ComboFix 08-11-02.05 - Administrateur 2008-11-03 18:59:00.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.437 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.

2008-11-03 18:57 . 2008-11-03 18:57 401,408 --a------ c:\windows\system32\CF25499.exe.vir
2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-02 19:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 19:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 12:42 . 2008-11-02 12:57 <REP> d-------- C:\MSNFix
2008-11-02 12:20 . 2008-11-02 12:20 <REP> d-------- c:\program files\AxBx
2008-11-02 11:49 . 2008-11-02 11:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- c:\program files\Yahoo!
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- c:\program files\CCleaner
2008-11-02 11:20 . 2008-11-02 11:20 <REP> d-------- c:\program files\Trend Micro
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- c:\program files\Lavasoft
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-01 13:42 . 2008-11-01 13:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-23 18:19 . 2008-10-23 18:19 28,616 --a------ C:\RECUP.DOC
2008-10-18 10:43 . 2008-10-18 10:44 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NewsLeecher
2008-10-15 16:26 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-10 21:49 . 2008-10-10 21:49 <REP> d-------- c:\program files\Xtreme Desktop
2008-10-10 21:49 . 2002-11-22 12:46 554,776 --a------ c:\windows\system32\olelib.tlb
2008-10-10 21:49 . 1998-06-17 23:00 89,360 --------- c:\windows\system32\VB5DB.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 17:56 --------- d-----w c:\program files\SuperCopier2
2008-11-03 17:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\MegauploadToolbar
2008-11-03 16:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-11-02 18:36 --------- d-----w c:\program files\MediaCoder
2008-11-02 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 12:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-23 12:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\U3
2008-10-18 14:18 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-17 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 20:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 18:52 --------- d-----w c:\program files\WinTV
2008-09-24 19:47 --------- d-----w c:\program files\vtplus
2008-09-24 19:47 --------- d-----w c:\program files\Fichiers communs\IviSDK
2008-09-18 16:10 --------- d-----w c:\program files\Picasa2
2008-09-15 20:18 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-09-15 20:16 36,734 ----a-w c:\windows\system32\OggDSuninst.exe

2008-09-15 20:16 --------- d-----w c:\program files\AC3Filter
2008-09-15 20:15 21,764 ----a-w c:\windows\system32\CoreAAC-uninstall.exe
2008-09-15 20:13 --------- d-----w c:\program files\DivX
2008-09-15 20:12 --------- d-----w c:\program files\Ripp-It Codec Pack
2008-09-15 19:55 --------- d-----w c:\program files\Ripp-it_AM
2008-09-15 19:34 --------- d-----w c:\program files\AviSynth 2.5
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-13 21:32 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
2008-09-13 21:05 --------- d-----w c:\program files\LeechFTP
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-02_13.22.31,82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-05 21:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-03-21 05:44:25 1,488,688 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2008-09-05 21:30:46 267,304 ----a-w c:\windows\system32\WgaLogon.dll
+ 2008-03-20 16:45:09 200,064 ----a-w c:\windows\system32\WgaLogon.dll
- 2008-09-05 21:30:04 952,360 ----a-w c:\windows\system32\WgaTray.exe
+ 2008-03-20 16:45:38 332,672 ----a-w c:\windows\system32\WgaTray.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"EnvyHFCPL"="c:\program files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe" [2004-10-14 3893248]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-14 91432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"PC Auto Shutdown"="c:\program files\PC Auto Shutdown\AutoShutdown.exe" [2007-09-15 1392728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"VaCtrl"="c:\program files\VoiceAge\Common\VaCtrl.exe" [2003-08-28 90112]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-09-24 110647]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-01 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.VaAcelpNet"= VaAcelpNet.acm
"msacm.VaAmrNbF"= VaAmrNbF.acm
"msacm.VaAmrNbV"= VaAmrNbV.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\HPZinw12.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24 41456]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-30 437248]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2007-09-14 461928]
R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2004-10-15 575424]
S3 USB28xxBGA;WinTV HVR-900;c:\windows\system32\DRIVERS\emBDA.sys [2007-10-03 484736]
S3 USB28xxOEM;WinTV OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-10-03 38656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f64147-4421-11dd-99c0-0018f3a76fdf}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f6cab-6c49-11dd-9a11-0018f3a76fdf}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b20df4-4785-11dd-99c8-0018f3a76fdf}]
\Shell\AutoRun\command - l:\wd_windows_tools\Setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{9F7FF51E-FD7C-498C-BAEF-603257FE4475} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\wa06dmpl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.Fr
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 19:00:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Heure de fin: 2008-11-03 19:01:35
ComboFix-quarantined-files.txt 2008-11-03 18:01:29
ComboFix2.txt 2008-11-02 15:44:36
ComboFix3.txt 2008-11-02 12:23:24

Avant-CF: 24 861 245 440 octets libres
Après-CF: 24,854,564,864 octets libres

208 --- E O F --- 2008-10-25 21:34:23

Passe à Linux, ya pas d'virus !!!
faut arreter Windaube

Ce genre de post, tu peux te les garder  

Re,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :


Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer

Re!

Voici les rapports combofix et HijackThis :

COMBOFIX :

ComboFix 08-11-02.05 - Administrateur 2008-11-03 20:19:48.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.304 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.

2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 19:53 . 2008-11-02 19:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-02 19:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 19:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 12:42 . 2008-11-02 12:57 <REP> d-------- C:\MSNFix
2008-11-02 12:20 . 2008-11-02 12:20 <REP> d-------- c:\program files\AxBx
2008-11-02 11:49 . 2008-11-02 11:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- c:\program files\Yahoo!
2008-11-02 11:23 . 2008-11-02 11:23 <REP> d-------- c:\program files\CCleaner
2008-11-02 11:20 . 2008-11-02 11:20 <REP> d-------- c:\program files\Trend Micro
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- c:\program files\Lavasoft
2008-11-01 13:42 . 2008-11-01 13:42 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-01 13:42 . 2008-11-01 13:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-23 18:19 . 2008-10-23 18:19 28,616 --a------ C:\RECUP.DOC
2008-10-18 10:43 . 2008-10-18 10:44 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NewsLeecher
2008-10-15 16:26 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:26 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-10 21:49 . 2008-10-10 21:49 <REP> d-------- c:\program files\Xtreme Desktop
2008-10-10 21:49 . 2002-11-22 12:46 554,776 --a------ c:\windows\system32\olelib.tlb
2008-10-10 21:49 . 1998-06-17 23:00 89,360 --------- c:\windows\system32\VB5DB.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 19:24 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2008-11-03 19:22 --------- d-----w c:\program files\SuperCopier2
2008-11-03 17:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\MegauploadToolbar
2008-11-02 18:36 --------- d-----w c:\program files\MediaCoder
2008-11-02 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 12:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-23 12:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\U3
2008-10-18 14:18 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-17 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-10 20:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 18:52 --------- d-----w c:\program files\WinTV
2008-09-24 19:47 --------- d-----w c:\program files\vtplus
2008-09-24 19:47 --------- d-----w c:\program files\Fichiers communs\IviSDK
2008-09-18 16:10 --------- d-----w c:\program files\Picasa2
2008-09-15 20:18 --------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2008-09-15 20:16 36,734 ----a-w c:\windows\system32\OggDSuninst.exe
2008-09-15 20:16 --------- d-----w c:\program files\AC3Filter
2008-09-15 20:15 21,764 ----a-w c:\windows\system32\CoreAAC-uninstall.exe
2008-09-15 20:13 --------- d-----w c:\program files\DivX
2008-09-15 20:12 --------- d-----w c:\program files\Ripp-It Codec Pack
2008-09-15 19:55 --------- d-----w c:\program files\Ripp-it_AM
2008-09-15 19:34 --------- d-----w c:\program files\AviSynth 2.5
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-13 21:32 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
2008-09-13 21:05 --------- d-----w c:\program files\LeechFTP
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-02_13.22.31,82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-09-05 21:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
+ 2008-03-21 05:44:25 1,488,688 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2008-09-05 21:30:46 267,304 ----a-w c:\windows\system32\WgaLogon.dll
+ 2008-03-20 16:45:09 200,064 ----a-w c:\windows\system32\WgaLogon.dll
- 2008-09-05 21:30:04 952,360 ----a-w c:\windows\system32\WgaTray.exe
+ 2008-03-20 16:45:38 332,672 ----a-w c:\windows\system32\WgaTray.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-01 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"EnvyHFCPL"="c:\program files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe" [2004-10-14 3893248]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-14 91432]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"PC Auto Shutdown"="c:\program files\PC Auto Shutdown\AutoShutdown.exe" [2007-09-15 1392728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"VaCtrl"="c:\program files\VoiceAge\Common\VaCtrl.exe" [2003-08-28 90112]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-09-24 110647]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-01 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.VaAcelpNet"= VaAcelpNet.acm
"msacm.VaAmrNbF"= VaAmrNbF.acm
"msacm.VaAmrNbV"= VaAmrNbV.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\HPZinw12.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24 41456]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-30 437248]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2007-09-14 461928]
R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2004-10-15 575424]
S3 USB28xxBGA;WinTV HVR-900;c:\windows\system32\DRIVERS\emBDA.sys [2007-10-03 484736]
S3 USB28xxOEM;WinTV OEM Filter;c:\windows\system32\DRIVERS\emOEM.sys [2007-10-03 38656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f64147-4421-11dd-99c0-0018f3a76fdf}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f6cab-6c49-11dd-9a11-0018f3a76fdf}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b20df4-4785-11dd-99c8-0018f3a76fdf}]
\Shell\AutoRun\command - l:\wd_windows_tools\Setup.exe

*Newly Created Service* - MCHINJDRV
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{9F7FF51E-FD7C-498C-BAEF-603257FE4475} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 20:23:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 20:26:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-03 19:26:24
ComboFix2.txt 2008-11-03 18:01:36
ComboFix3.txt 2008-11-02 15:44:36
ComboFix4.txt 2008-11-02 12:23:24

Avant-CF: 24 814 161 920 octets libres
Après-CF: 24,710,610,944 octets libres

240 --- E O F --- 2008-10-25 21:34:23



HijackTHis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:59, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF324C5-8E72-4C3C-8DF1-4D1488333FC1}: NameServer = 213.189.21.62
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 13025 bytes

Ton pc se comporte mieux ?

Pour l'instant, ça à l'air d'aller!
Je vais attendre demain soir et si j'ai pas de problème je mettrai "RESOLU" dans le titre

Encore merci!

No prob