Virus mal effacer, Rundll introuvable

Voici mon log Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:27, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14d5521a-15d4-4513-8543-a36b62c1b596} - C:\WINDOWS\system32\hemodizi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s
O4 - HKLM\..\Run: [CPM9345cf09] Rundll32.exe "C:\WINDOWS\system32\zebeduwi.dll",a
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [dawuravafi] Rundll32.exe "C:\WINDOWS\system32\lewiyidi.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\ c:\windows\system32\hulasinu.dll C:\WINDOWS\system32\bigivete.dll c:\windows\system32\ c:\windows\system32\vufewuta.dll c:\windows\system32\fimijole.dll c:\windows\system32\zebeduwi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zebeduwi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7132 bytes

Bonjour,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Salut, voilà j'ai fais ce que tu m'as demandé, la première fois j'ai lancé combofix bêtement et il a planté (normal je n'avais pas la console de restauration d'installer)

J'ai donc fermer, et supprimer tout ce que comboxfix avais crée comme dossier dans C:\

J'ai télécharger ma console de restauration, j'ai pratiqué le glisser/déposer.

Mais malheureusement aucune console c'est ouverte, j'ai redémarrer, recommencer, supprimer les fichiers télécharger par combofix.
Redéplacer la console windows vers combofix pour que ça installe.

Cette fois ci la console bleu c'est ouverte, mais un message d'erreur l'accompagnait.



Je ne sais pas si ce problème est du à mes manipulations de maniaque à vouloir toujours supprimer et recommencé pour pas avoir d'erreur ni dégueulasser le PC.

Voilà je reposte un log HJT et j'attends vos instructions.
Merci beaucoup et désolé encore  

On va essayer autre chose.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Voila j'ai fais le scan complet de tout mes HD il à prit toute la nuit

Voici le rapport

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1618
Windows 5.1.2600 Service Pack 3

06/01/2009 09:19:40
mbam-log-2009-01-06 (09-19-40).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 601819
Temps écoulé: 10 hour(s), 58 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bigivete.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pafigewi.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{14d5521a-15d4-4513-8543-a36b62c1b596} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9076fc95 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dawuravafi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm9345cf09 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bigivete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pafigewi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\pafigewi.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\bofayoti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itoyafob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memovovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovovomem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suyetebo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obeteyus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wegahuwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewuhagew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pafigewi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hemodizi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bigivete.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP96\A0030986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP96\A0030987.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031021.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031023.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031024.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{62409CDB-25C6-441B-BE8A-79B2A525412D}\RP97\A0031025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hezubuti.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jotogeni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yinazeku.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zebeduwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Mes Documents\Documents\Documents Liés Aux Jeux\ISO\Battlefield 2\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Mes Documents\Documents\Programmes Installation\Video Making\Sony Sound Forge 8\Sound Forge 8 Retail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{10DBF7A3-E50D-404A-9449-49F75E110623}\RP37\A0012017.exe (Adware.Agent) -> Quarantined and deleted successfully.

On continue.

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Toujours le même message d'erreur lors de l'ajout de la console windows xp pro sp2.


32788R22FWJFW\nircmd.com

Windows ne trouve pas '32788R22FWJF\nircmd.com'. Vérifiez que vous avez entré le nom correctement et essayez à nouveau.
Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur Rechercher.

Pourtant combofix veux bien se lancé seul et il m'a même proposé de se mettre à jour chose que j'ai faite.

Je fais quoi? j'ignore l'étape de l'ajout de la console windows

J'ai oublié ça c'est vrai. Yep ignore.

Voila, j'ai ignorer, d'ailleur il m'a proposé de télécharger la console windows, j'ai dit oui, il me la télécharger et installé  

Voici le log au complet Angel

ComboFix 09-01-05.05 - Administrateur 2009-01-06 23:37:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2783 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\eponegef.ini
c:\windows\system32\ewonosej.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-06 au 2009-01-06 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 19:06 . 2009-01-05 19:06 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-05 19:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 19:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 15:17 . 2009-01-04 15:17 <REP> d-------- c:\program files\Trend Micro
2009-01-02 16:27 . 2009-01-02 16:27 <REP> d-------- c:\program files\Lavasoft
2009-01-02 16:27 . 2009-01-02 16:27 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Lavasoft
2009-01-02 03:47 . 2009-01-02 03:47 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2009-01-02 03:46 . 2009-01-02 03:46 <REP> d-------- c:\program files\DivX
2009-01-02 03:44 . 2009-01-02 03:44 <REP> d-------- c:\program files\Xvid
2009-01-02 03:44 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2009-01-02 03:44 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-02 03:44 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-02 03:38 . 2009-01-02 03:38 <REP> d-------- c:\program files\WinAVI MP4 Converter
2009-01-01 23:17 . 2009-01-01 23:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-01 23:17 . 2009-01-01 23:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 19:26 . 2008-12-28 19:28 139,264 --a------ c:\windows\War3Unin.exe
2008-12-28 19:26 . 2008-12-28 19:33 106,840 --a------ c:\windows\War3Unin.dat
2008-12-28 19:26 . 2008-12-28 19:28 2,829 --a------ c:\windows\War3Unin.pif
2008-12-28 19:03 . 2009-01-03 09:22 <REP> d-------- c:\program files\Warcraft III
2008-12-28 16:37 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 16:37 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 16:37 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 16:37 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-27 17:06 . 2009-01-02 17:26 <REP> d-------- c:\program files\UsbFix
2008-12-21 18:34 . 2008-12-21 18:40 8 --a------ c:\windows\system32\nvModes.dat
2008-12-21 07:45 . 2008-12-21 07:45 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-12-21 06:52 . 2008-12-21 06:52 <REP> d-------- c:\program files\DVD Flick
2008-12-21 06:52 . 2008-12-21 06:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DVD Flick
2008-12-21 06:52 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-12-21 06:52 . 2004-03-09 00:00 609,824 --a------ c:\windows\system32\comctl32.ocx
2008-12-21 06:52 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2008-12-21 06:52 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\comct232.ocx
2008-12-21 06:52 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-12-21 06:52 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-12-21 06:52 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-12-21 04:59 . 2008-12-21 04:59 <REP> d-------- c:\program files\Freeplayer
2008-12-21 03:14 . 2008-12-21 03:14 <REP> d-------- c:\documents and settings\Administrateur\Application Data\fretsonfire
2008-12-20 23:30 . 2009-01-02 17:37 <REP> d-------- c:\program files\uTorrent
2008-12-20 23:30 . 2009-01-02 19:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\uTorrent
2008-12-20 06:50 . 2008-12-20 06:50 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NetDrive
2008-12-13 17:07 . 2008-12-13 17:07 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-13 01:22 . 2008-12-02 23:11 205,413 --a------ c:\windows\system32\nvapps.nvb
2008-12-06 20:56 . 2008-12-06 20:56 107,888 --a------ c:\windows\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 22:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
2009-01-06 21:24 --------- d-----w c:\program files\Steam
2009-01-06 15:48 --------- d-----w c:\program files\PokerStars
2008-12-30 16:30 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-26 23:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\teamspeak2
2008-12-26 00:24 --------- d-----w c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-12-21 04:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-12-20 22:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2008-12-13 00:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-13 00:22 --------- d-----w c:\program files\AGEIA Technologies
2008-12-12 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 19:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 19:28 --------- d-----w c:\program files\Rockstar Games
2008-12-05 22:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\HLSW
2008-12-05 00:07 --------- d-----w c:\program files\PokerRoom.com
2008-12-04 08:28 --------- d--h--r c:\documents and settings\Administrateur\Application Data\SecuROM
2008-12-04 08:08 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-04 07:35 --------- d-----w c:\program files\MSBuild
2008-12-04 07:34 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 22:11 6,209,536 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-24 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-22 12:30 --------- d-----w c:\program files\Adobe Media Player
2008-11-22 12:29 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-11-11 16:02 --------- d-----w c:\program files\Icemat Siberia USB Soundcard
2008-11-10 13:56 --------- d-----w c:\program files\FLV Player
2008-11-06 17:13 --------- d-----w c:\program files\SnadBoy's Revelation v2
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-03 19:31 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopax@espace-design.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Mes Documents\\Programmes\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"d:\\Mes Documents\\Programmes\\HLSW\\hlsw.exe"=
"d:\\Mes Documents\\Documents\\Programmes Installation\\MyFreeTv\\MyFreeTV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopax@espace-design.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\UsbFix\\Tools\\swreg.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:war3serv
"6112:UDP"= 6112:UDP:war3servudp

R3 USB_FPRd;FingerPrinterReader;c:\windows\system32\drivers\UT_FPRd.sys [2008-09-22 16000]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-09-22 194304]
S4 SampleScanner;USB-Flachbettscanner;c:\windows\system32\drivers\ArtecGT.sys [2008-09-22 18120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57a6b46b-c00c-11dd-a7b6-00301bbd5e98}]
\Shell\AutoRun\command - J:\RavMon.exe
\Shell\explore\Command - J:\RavMon.exe -e
\Shell\open\Command - J:\RavMon.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-9076fc95 - c:\windows\system32\suyetebo.dll
MSConfigStartUp-CPM9345cf09 - c:\windows\system32\zebeduwi.dll
MSConfigStartUp-dawuravafi - c:\windows\system32\lewiyidi.dll


.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yrdeqr91.default\
FF - prefs.js: browser.search.selectedEngine - Dailymotion
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 23:39:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*NULL*]
"datasecu"=hex:a8,4d,7b,84,f2,1a,5a,5b,4b,02,04,bb,49,e6,fb,47,dd,33,b3,cd,1d,\
92,19,91,15,d9,43,7b,69,c9,8f,b4,c6,f7,c2,1c,6d,62,7b,05,d8,01,12,21,bc,1e,\
fe,c7,85,a4,67,9e,90,63,5b,29,87,cf,64,21,f1,d8,b8,85,4c,db,b0,a5,e9,8d,d7,\
23,26,79,10,82,4e,8a,6f,b8,73,2e,07,68,9d,5e,e9,1b,73,b5,a3,85,5a,59,9a,06,\
4d,c9,c9,4a,60,f4,b7,44,56,f2,7a,7a,aa,3f,42,a6,f2,48,fa,a8,af,24,cd,52,c3,\
20,10,61,76,3a,c2,35,41,71,04,c7,a9,76,cc,90,9a,a9,6d,6c,19,fb,fc,39,8e,d9,\
e4,a1,1d,d0,27,a1,6a,a9,58,ee,6a,4b,6a,a7,8f,77,1e,0e,26,0d,fa,be,14,86,aa,\
03,b9,bf,6b,96,b8,22,78,9e,21,88,15,5d,87,a1,cb,7e,d9,cc,c4,6f,7d,9e,92,b7,\
a6,ab,b8,dc,03,d1,fa,0a,c0,19,0d,d2,43,bf,1f,48,70,bb,90,f6,7d,b1,d2,0b,0f,\
04,7f,08,70,39,90,35,1c,1c,b8,c6,7c,29,2d,2b,e5,d0,68,63,0b,eb,be,ce,b7,e0,\
25,72,7e,95,44,d6,b6,24,4c,2a,0a,de,34,00,c2,10,52,b1,8d,0a,59,8d,53,7b,fc,\
76,44,de,45,d6,ff,b5,19,da,ec,e6,a2,1a,f8,1b,5f,82,a7,fc,99,19,63,d0,50,36,\
d9,6b,23,48,09,48,59,c8,97,49,f4,ec,91,e6,5c,68,ef,24,e4,63,a7,12,db,17,7c,\
0c,c5,4a,15,cf,d3,0c,91,a3,1b,1f,06,48,60,35,69,61,f1,e1,aa,e2,68,6c,04,ba,\
69,51,43,b6,d1,01,1e,ad,78,88,9e,6b,9a,22,14,37,17,a7,fc,d7,90,ee,08,32,96,\
2f,05,67,03,a7,30,5b,c7,1c,75,1c,9a,08,4a,dc,8e,43,05,c2,91,87,d9,21,0a,e3,\
31,01,41,f8,75,1c,0c,db,20,38,6e,39,c9,6d,33,5b,e0,7c,4b,c5,a9,c8,f5,27,d8,\
88,13,3e,40,c6,01,b2,ae,69,2d,e1,3d,66,fe,77,eb,85,65,db,e6,e8,8c,09,10,7f,\
20,b3,c0,d2,4f,43,41,c5,f3,a5,8b,e5,16,c7,6b,ec,de,86,81,1b,ad,6c,dd,5d,9a,\
8c,a6,b1,c6,19,83,f8,d2,b9,e8,26,f9,7a,69,cb,8d,47,20,a6,37,0d,16,00,af,a8,\
58,29,dd,94,41,ab,93,81,96,f4,2e,ad,4f,44,b8,90,87,c8,ee,03,9e,6b,8e,f9,31,\
56,4e,df,59,83,15,4c,89,e5,4f,69,97,2f,0b,e4,7e,6e,23,ef,8b,4a,05,f8,18,c3,\
a9,20,e6,2c,1a,24,28,ad,92,f8,0e,01,38,13,d0,90,9c,35,53,68,bc,5e,71,e6,d6,\
57,89,8e,b2,65,d3,bb,65,dc,67,dd,c3,f5,65,77,4e,a0,4c,2e,17,d3,82,e3,7c,bb,\
a2,c0,f5,e5,f3,a8,5a,36,1f,3d,93,22,82,e7,d8,aa,6f,b4,34,3e,b0,a0,21,b3,a2,\
98,4b,fe,b3,da,43,3c,fd,a0,9c,0b,05,b7,90,80,2b,87,18,04,5c,fd,b6,b5,3e,bd,\
1f,2a,3a,54,b1,6d,44,63,53,8c,e9,bd,da,10,b5,be,30,f3,e7,14,6e,46,8c,73,ba,\
8d,bd,9c,7d,1c,12,46,14,d6,e0,5f,c5,c2,cc,d8,a0,85,d9,a5,07,c1,68,75,69,67,\
c5,15,e5,12,11,00,3b,ec,35,c2,35,18,34,0a,e0,c5,23,d1,da,c6,c2,70,26,84,bc,\
e2,27,a1,85,19,96,27,7d,c4,39,20,f3,c9,ed,ff,fe,60,b5,87,f4,4d,b9,fc,76,8e,\
1f,d5,3a,ce,8b,52,ad,37,aa,43,d2,7e,a9,1c,4b,4a,06,8a,b2,4b,18,91,ed,86,6e,\
2f,e9,78,aa,ce,9b,9f,36,a7,96,a0,88,34,99,ca,11,b5,51,3d,84,6c,7b,53,66,e2,\
35,ce,b7,d5,8e,eb,72,93,43,d6,01,02,d7,b3,46,3e,0e,b3,3b,e8,4d,f7,b9,03,cb,\
67,f7,fa,75,ea,fb,0e,18,d4,23,a9,26,2b,97,bd,91,80,df,10,4d,43,5c,57,0c,28,\
fe,fd,8c,ff,6a,8f,59,a8,ce,aa,1d,94,bc,20,2d,09,c9,83,40,5c,c2,af,52,bb,6a,\
92,35,90,08,d4,c5,0b,fd,a2,d5,40,2f,d5,ec,a2,40,8b,30,af,ea,4d,f3,77,a3,a2,\
ca,8d,98,bd,c1,9b,8a,ae,67,5e,03,79,5b,04,c8,ae,9b,96,2c,9c,77,37,dd,45,a8,\
fb,17,ec,c7,15,4f,a5,ac,33,1d,60,f9,09,41,69,03,bc,63,aa,14,2f,cf,b9,c6,fc,\
6c,bf,8f,d0,e5,39,c9,2d,3d,74,54,99,c0,3e,93,c7,01,2f,65,1e,ef,21,4a,aa,e1,\
86,2f,7c,41,91,81,63,e6,7b,b8,79,6f,e3,7b,ac,83,39,8d,2f,8a,79,95,cd,c0,7c,\
7e,0c,2b,c7,b5,0a,9e,06,54,87,28,8c,67,9b,6b,80,ad,60,37,21,89,61,46,80,24,\
f0,46,8e,e3,77,2d,cd,10,42,d6,b3,83,b7,4f,57,da,3e,73,27,ec,85,b6,d9,7a,5a,\
0d,f9,ba,16,16,a2,67,23,a7,7d,c7,8f,b4,61,39,42,56,ba,c5,eb,f8,d5,c5,ce,d8,\
68,6f,7d,eb,1a,05,f6,8f,d0,cb,01,a0,43,bb,4f,ee,30,4a,75,e8,0c,2b,e4,e6,63,\
41,f5,a1,78,45,fd,a8,3b,70,a8,1d,d7,a5,79,13,5b,e7,04,f1,a2,24,1d,c8,b1,b2,\
88,1a,69,5b,f2,d0,f3,c1,1a,2a,c5,4c,80,be,a6,2e,86,6b,ab,08,e8,52,9e,c9,af,\
8c,ce,75,f8,88,5d,cf,ce,b5,7b,79,38,d1,22,fa,4c,3f,3f,9d,25,41,1b,aa,6f,98,\
3b,f1,97,12,aa,2e,76,fb,cf,45,28,8e,7b,98,74,5d,0a,46,3a,e0,27,12,a4,90,de,\
59,e1,58,e6,ef,c7,1d,ab,cf,44,5e,60,b4,ed,79,c2,77,95,34,44,8b,85,8d,b8,eb,\
68,4d,8c,2d,90,ac,86,76,cb,9f,d2,32,39,22,cf,58,3c,06,40,5b,79,0b,7d,a6,d9,\
1b,29,63,de,d0,82,e7,d8,f8,dd,92,93,3a,37,ab,08,86,4a,50,f6,48,23,88,50,79,\
6f,d5,cc,18,c3,87,d8,2f,ed,ca,40,8c,39,fa,48,05,bf,5e,89,81,7c,fb,bf,75,c2,\
cc,03,84,af,db,41,e2,65,e8,8d,ce,30,60,ed,ce,35,2a,d1,19,9c,6e,6b,fe,ff,a5,\
90,3d,52,13,8b,21,47,7b,9b,5a,a1,47,08,62,43,ac,83,62,dd,2c,6f,3e,7a,74,3b,\
ee,78,34,74,74,f2,33,eb,06,13,3b,33,35,7c,f4,b7,f4,74,11,34,78,40,6d,1a,48,\
f7,36,d5,25,9a,88,7f,23,3b,03,4b,6b,79,bc,ff,55,60,89,fa,61,37,36,58,bd,ff,\
19,62,57,f2,83,7f,b8,43,80,3e,e4,83,48,43,55,d6,b4,52,68,bd,7c,ac,ed,36,94,\
15,ca,bb,19,32,47,39,d3,88,10,a4,ba,06,b3,ff,e6,3e,0a,d4,a3,da,af,b5,8b,23,\
06,30,ac,12,10,4f,b2,01,d3,4d,d9,8a,50,b9,85,3c,aa,2f,f7,52,d2,de,8b,48,a9,\
75,fc,d6,85,f9,9c,86,c4,00,7b,e7,ee,bd,af,7a,74,c8,bd,b1,98,df,ea,ae,d3,8b,\
99,66,f3,7b,e2,e9,b7,b0,75,84,af,e7,02,76,ee,61,c6,35,ee,82,9a,5b,1f,6f,fb,\
8e,4c,fc,a5,9c,f9,a8,18,dc,36,08,15,d8,c3,7c,a5,1d,7a,a3,f3,2b,b1,98,1a,48,\
c3,9b,f3,a1,03,74,6e,f9,80,2f,b2,b5,1f,0d,56,df,44,11,5e,81,d5,bf,76,6c,ba,\
59,9d,9f,ef,44,5c,1b,48,d1,0d,8f,78,8f,1f,9f,95,32,81,a7,34,ad,17,a6,70,3e,\
ae,31,43,1a,2a,66,7e,a2,3c,cf,6c,76,85,55,21,6a,00,da,71,fc,cf,3c,9b,28,99,\
87,ed,a1,e1,63,c1,21,20,39,a7,36,5f,81,7f,23,82,67,c5,93,a7,f6,1e,b4,03,9f,\
dc,d2,8f,e2,e9,87,e1,e5,a5,da,f8,8a,14,0f,f6,45,5a,a6,93,a2,f5,6a,04,b4,b1,\
75,1b,95,1e,c9,4d,8a,1c,35,51,77,8f,13,3e,22,a3,50,be,29,71,0f,83,bb,44,a0,\
b6,05,d0,68,d5,af,54,bf,33,dc,fc,4e,2f,fc,ed,a9,0a,36,58,b0,ca,dc,d3,4b,db,\
55,e2,a5,1e,86,d4,8a,a8,bc,ac,ab,26,01,ed,dc,c0,72,84,75,89,dd,c7,38,24,cc,\
99,86,d7,e9,02,5f,55,2e,3a,d6,88,66,ba,d4,df,4a,3d,14,a8,bf,94,8a,44,a9,4c,\
89,43,df,a5,39,ed,df,b5,46,24,ca,29,45,0b,16,9f,2f,85,05,24,36,58,cb,3b,d1,\
bd,8d,e3,42,d4,be,1e,f1,cf,ac,2e,67,15,30,28,2d,44,80,3b,c0,1c,61,71,6f,e9,\
df,c6,f7,c0,34,7a,56,f0,e3,a7,9a,26,48,59,20,73,dd,26,01,6a,04,d8,fb,1f,54,\
57,4d,af,d7,0c,c5,c7,25,2b,1d,dc,80,9c,b2,95,a2,8c,1f,07,0d,ef,4a,82,f6,bd,\
ec,7d,40,3b,6b,75,d1,e3,a4,20,ff,1e,a9,89,c2,a0,1f,90,52,1e,cd,2a,cf,7c,b7,\
9c,46,00,13,5d,91,81,65,3b,f9,08,fd,22,7c,f4,8a,75,74,b1,bd,3c,80,f1,7e,8b,\
fa,43,57,e8,9b,62,e2,f6,ab,7a,b4,ab,68,4a,05,8e,a0,88,8e,a5,d4,b3,57,8d,74,\
e9,c5,91,3a,c2,f1,7a,d1,5a,55,2b,d6,87,0d,11,5e,0a,10,99,82,0c,f8,6b,2f,ea,\
e1,5b,37,ea,e1,5b
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{21d2e3c2-bcc2-4b24-8ae6-ca91ecde0c43}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014a
"Therad"=dword:00000008
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,\
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,66,28,73,a6,e4,dd,c0,9e,49,f5,68,62,d0,c2,\
21,1f,1e,b4,b8,3c,fb,30,90,91,cb,56,a8,d5,35,31,88,08,a6,a3,7b,59,81,a2,43,\
8a,3f,fb,d7,f0,44,63,e6,df,3b,a8,b3,71,f7,b7,5b,1d,cd,f9,72,ba,47,3b,d1,e9,\
2e,32,1f,e7,18,16,6a,17,5e,aa,1d,ab,92,d7,16,b4,43,e2,84,fb,dc,cb,78,5d,3e,\
99,15,90,64,19,b5,3b,d0,42,1c,3d,7f,6b,10,9f,ba,9f,61,d0,e3,bb,55,c6,3e,49,\
65,b1,70,fa,b1,92,3d,3a,b9,89,83,ff,4f,60,b6,4d,6d,5a,18,2e,18,3d,84,76,e7,\
e8,ba,51,7c,3b,36,5e,cb,04,af,32,3d,9a,1a,6f,95,e7,a5,3a,43,88,d3,ab,2a,3a,\
d9,c8,54,25,66,14,b5,b0,5d,71,5f,c4,43,58,df,d6,ea,44,9b,1e,f9,c4,e3,8e,97,\
ae,d3,9b,2a,b1,f4,d4,34,2c,4d,68,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
3f,ce,f9,a8,11,ff,3a,74,11,fb

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):37,71,8e,3d,90,dc,4f,25,8b,bb,ad,b6,2e,cd,c3,74,73,c1,00,ab,60,\
28,81,45,16,ec,20,dd,42,7e,24,bb,26,14,34,23,d3,ed,e4,75,00,00,00,00,00,00,\
00,00,00,00
.
Heure de fin: 2009-01-06 23:40:56 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2009-01-06 22:40:54

Avant-CF: 210,503,163,904 octets libres
Après-CF: 210,393,763,840 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noguiboot

307 --- E O F --- 2008-12-18 08:38:42

Reposte un rapport Hijackthis.

Voici  


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:51, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5992 bytes

T'as encore des soucis ?

non mon pc à l'air de mieux tourné qu'avant d'avoir les virus.

Merci beaucoup en tout cas, c'est cool de trouvé des personnes comme toi qui aide bénévolement les types dans notre genre  

Bonne chance et bon courage   Meilleur vœux pour cette année.

Merci beaucoup =)

Passe une bonne année