VIRUS

salut j ai des applications qui s ouvrent tout seul
j ai du, faire une restauration complete du systeme car je n arrivais plus a demarer toutes des lignes sur l 'ecran
ca va un peu mieux j ai une application que je n'arrive pas a supprimer meme en mode sans echec c est dans dossier and setting ca s apelle NUSER.DATfilm video cd et il fait 3.5mo il me dit qu il est utilise par un autre processus
merci

je n arrive pas a le supprimer meme en mode sans echec

salut je t envoie rapport de combofix merci a toi de m'aider c est tres sympa la actuellement avnt combofix j avais outlock qui s ouvrait seul msn aussi
ComboFix 08-07-13.14 - patrice 2008-07-15 22:54:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.638 [GMT 2:00]
Endroit: C:\Documents and Settings\patrice\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ccaaeccafa_z.dll
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
.

2008-07-14 21:28 . 2008-07-14 21:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 21:28 . 2008-07-14 21:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 13:00 . 2008-07-13 13:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 13:00 . 2008-07-13 13:00 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Malwarebytes
2008-07-13 13:00 . 2008-07-13 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 13:00 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 13:00 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-13 12:47 . 2008-07-13 12:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-13 12:47 . 2008-06-26 23:55 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-13 12:47 . 2008-07-15 04:51 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-13 09:18 . 2008-07-13 09:18 <REP> d-------- C:\Program Files\anti virus
2008-07-12 16:31 . 2008-07-12 16:49 1,868 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 16:31 . 2008-07-12 16:49 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-12 16:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 16:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 16:30 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 16:30 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-12 16:30 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-12 16:30 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-12 16:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-12 16:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 16:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-12 15:57 . 2008-07-12 21:50 <REP> d-a------ C:\MSNFix virus sur msn
2008-07-12 13:31 . 2008-07-12 13:31 <REP> d-------- C:\Program Files\aMSN
2008-07-12 13:31 . 2008-07-13 21:48 <REP> d-------- C:\Documents and Settings\patrice\amsn
2008-07-12 13:24 . 2008-07-12 13:25 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-12 10:32 . 2008-07-12 10:32 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-12 10:32 . 2008-07-12 10:32 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-12 10:09 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-07-12 10:08 . 2008-04-14 04:31 848,922 --------- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-07-12 10:07 . 2008-04-14 04:34 695,808 --------- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-07-12 10:06 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-12 10:06 . 2008-04-14 03:55 8,704 --------- C:\WINDOWS\system32\dllcache\asferror.dll
2008-07-09 22:38 . 2008-07-09 22:38 <REP> d-------- C:\Program Files\Alwil Software
2008-07-08 16:54 . 2008-07-08 16:54 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Grisoft
2008-07-08 16:54 . 2008-07-08 16:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-08 16:54 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-08 16:51 . 2008-07-08 23:57 <REP> d-------- C:\Program Files\Yahoo!
2008-07-08 16:50 . 2008-07-08 16:51 <REP> d-------- C:\Program Files\CCleaner
2008-07-08 10:46 . 2008-07-08 10:46 <REP> d-------- C:\WINDOWS\17BB7031B6D94D27A3A1B0E672A0972C.TMP
2008-07-08 00:22 . 2005-05-04 10:32 686,080 -ra------ C:\WINDOWS\system32\drivers\Cap713x.sys
2008-07-07 18:07 . 2008-07-07 18:11 4,837 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-04 13:46 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-07-04 13:46 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-07-04 13:46 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-07-04 13:46 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-07-04 13:46 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-07-04 13:46 . 2002-07-03 11:44 53,248 --a------ C:\WINDOWS\amcap.exe
2008-07-04 13:46 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-07-04 13:46 . 2004-09-24 12:14 36,864 --a------ C:\WINDOWS\system32\dsnpstd2.ax
2008-07-04 13:46 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-07-04 13:46 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-07-04 13:45 . 2008-07-04 13:45 <REP> d-------- C:\Program Files\Trust
2008-07-04 13:45 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2008-07-04 13:43 . 2008-04-13 20:45 60,032 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2008-07-04 09:57 . 2005-04-11 05:08 32,768 --a------ C:\WINDOWS\p3xunist.exe
2008-07-04 09:57 . 2005-05-17 14:37 3,063 --a------ C:\WINDOWS\TVP3XDrv.ini
2008-07-04 09:56 . 2004-12-31 08:54 61,056 -ra------ C:\WINDOWS\system32\Prop713x.dll
2008-07-04 09:56 . 2008-04-14 04:33 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-07-03 23:10 . 2008-07-12 22:57 38 --a------ C:\WINDOWS\BELOTEXP.INI
2008-07-03 22:11 . 2008-07-03 22:11 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-07-03 17:18 . 2008-07-03 17:18 <REP> d-------- C:\WINDOWS\system32\Epson
2008-07-03 11:55 . 2008-07-03 22:59 <REP> d-------- C:\Program Files\Ludi
2008-07-03 10:09 . 2008-07-03 10:09 <REP> d-------- C:\Documents and Settings\patrice\Application Data\ACD Systems
2008-07-03 10:08 . 2008-07-03 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-03 10:07 . 2008-07-11 18:02 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
2008-07-03 10:07 . 2008-07-03 10:07 <REP> d-------- C:\Program Files\ACD Systems
2008-07-01 15:30 . 2008-07-01 15:30 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Ulead Systems
2008-07-01 15:29 . 2008-07-01 15:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-01 12:22 . 2008-07-01 12:22 <REP> d-------- C:\WINDOWS\system\IOSUBSYS
2008-07-01 12:22 . 2008-07-01 12:22 <REP> d-------- C:\Program Files\PENTAX
2008-06-29 09:48 . 2008-07-02 07:37 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Lavasoft
2008-06-27 16:16 . 2008-06-29 10:40 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Smart PC Solutions
2008-06-27 14:03 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-27 14:03 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-27 14:03 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-27 14:03 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-27 14:03 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-27 14:03 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-27 14:03 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-27 14:03 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-27 14:03 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-27 13:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-27 13:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-27 13:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-27 11:00 . 2008-06-27 11:00 <REP> d-------- C:\Program Files\Fichiers communs\AOL
2008-06-27 11:00 . 2008-06-27 11:00 203 --ah----- C:\IPH.PH
2008-06-27 07:42 . 2008-07-07 18:11 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-27 07:42 . 2008-07-07 18:11 51,244 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-27 07:38 . 2008-07-07 18:06 <REP> d-------- C:\WINDOWS\BricoPacks
2008-06-27 07:06 . 2008-07-12 10:33 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-06-27 07:02 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-27 01:00 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 22:17 . 2008-06-26 22:17 23 --a------ C:\WINDOWS\system32\ccfddde4_z.ocx
2008-06-26 22:16 . 2008-06-28 15:07 <REP> d-------- C:\Documents and Settings\patrice\Contacts
2008-06-26 22:14 . 2008-06-26 22:14 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-26 22:14 . 2008-06-26 22:14 5 --a------ C:\WINDOWS\system32\SndDrv32b.ini
2008-06-26 22:09 . 2008-06-26 22:14 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-26 22:09 . 2008-06-27 00:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-26 21:56 . 2008-06-26 21:56 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-06-26 21:08 . 2008-06-26 21:08 <REP> d-------- C:\WINDOWS\provisioning
2008-06-26 21:08 . 2008-07-12 10:32 <REP> d-------- C:\WINDOWS\peernet
2008-06-26 20:53 . 2008-07-12 10:33 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-06-26 20:51 . 2008-06-26 20:51 <REP> d-------- C:\Documents and Settings\Propriétaire\Mes documents
2008-06-26 20:51 . 2008-06-26 20:51 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-06-26 20:30 . 2008-07-12 10:20 <REP> d-------- C:\WINDOWS\EHome
2008-06-26 19:19 . 2008-07-05 18:50 <REP> d-------- C:\Documents and Settings\patrice\Application Data\Ahead
2008-06-26 19:19 . 2008-07-15 20:44 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-26 18:47 . 2008-06-26 18:49 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2008-06-26 18:44 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-26 18:43 . 2008-06-26 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-26 18:42 . 2005-01-04 15:19 2,670,592 --------- C:\WINDOWS\UNNeroVision.exe
2008-06-26 18:42 . 2005-01-17 19:17 169,546 --------- C:\WINDOWS\UNNeroVision.cfg
2008-06-26 18:42 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-26 18:41 . 2008-06-26 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-26 18:41 . 2008-06-26 18:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-26 18:41 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-26 18:41 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-26 18:41 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 13:15 --------- d-----w C:\Program Files\Windows Live
2008-07-06 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 05:42 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll.tmp
2008-06-26 22:33 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-26 22:08 --------- d-----w C:\Documents and Settings\patrice\Application Data\MSN6
2008-06-26 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-26 22:01 --------- d-----w C:\Program Files\VideoLAN
2008-06-26 22:01 --------- d-----w C:\Documents and Settings\patrice\Application Data\vlc
2008-06-26 21:56 --------- d-----w C:\Program Files\Virtual CD v4 SDK
2008-06-26 21:56 --------- d-----w C:\Program Files\Services en ligne
2008-06-26 21:56 --------- d-----w C:\Program Files\Real
2008-06-26 21:56 --------- d-----w C:\Program Files\QuickTime
2008-06-26 21:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-26 21:55 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-06-26 21:55 --------- d-----w C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
2008-06-26 21:55 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-26 21:55 --------- d-----w C:\Program Files\CyberLink
2008-06-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-06-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-26 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-26 15:40 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-26 14:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:55 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

------- Sigcheck -------

2008-04-23 09:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2002-08-30 13:00 603136 cbc50d46257c4a75644230507b488050 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 809472 f284a6225a3057a1e19985e1d4b47ada C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 06:16 1260544 2288a0fb94319ccbeae49d64f7db00d1 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\backup\sp2gdr\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\backup\sp2qfe\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\backup\sp3gdr\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\backup\sp3qfe\wininet.dll
2008-04-23 06:16 1260544 2288a0fb94319ccbeae49d64f7db00d1 C:\WINDOWS\system32\wininet.dll
2008-04-23 06:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-14 04:34 3200000 5158a1c542a355b3a67e59538bbd894d C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 3199488 d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-20 01:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 3200000 5158a1c542a355b3a67e59538bbd894d C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\bba2f670a60f4e414c2e1208f91a7749\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 08:00 182272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 10:33 299008]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-10-14 15:36 151597]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
backup=C:\WINDOWS\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^patrice^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\aMSN\\bin\\wish.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 16:07]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 10:32]
R3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 22:56:18
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-15 22:59:06
ComboFix-quarantined-files.txt 2008-07-15 20:58:55

Pre-Run: 90,150,612,992 octets libres
Post-Run: 90,134,425,600 octets libres

280 --- E O F --- 2008-07-08 20:58:47

[b]SDFix: Version 1.205 [/b]
Run by patrice on 15/07/2008 at 23:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 23:49:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Tue 14 Oct 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 7 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Jun 2008 1,505,808 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32a68038cbc8e2f304034165d1cab2e1\BIT37F.tmp"
Fri 27 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60f98441524da959e4cfd96533bfcea5\BIT37E.tmp"
Fri 27 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7333946973f87a4fdf879a85eeae256b\BIT37C.tmp"
Fri 27 Jun 2008 4,856,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3fd033e4d9140ea4bb2ff5810443583\BIT37D.tmp"
Thu 26 Jun 2008 33,404 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1e10da77e5e1c72d2afe101dc568fb06\download\BIT5.tmp"
Tue 7 Aug 2007 371,538 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f99846289ec5950c569069bbd41e4c8f\download\BIT4F.tmp"
Fri 27 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fb19dc20bad2e1b3438b71fff9b569aa\download\BIT54.tmp"

[b]Finished![/b]

merci a toi

-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\SdFix.exe: trouvé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\Msnfix.zip: trouvé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\ComboFix.exe: trouvé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\HJTInstall.exe: trouvé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\SmitFraudfix: trouvé !
C:\Documents and Settings\patrice\Recent\HijackThis.lnk: trouvé !
C:\Program Files\anti virus\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\SdFix.exe: supprimé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\Msnfix.zip: supprimé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\ComboFix.exe: supprimé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\HJTInstall.exe: supprimé !
C:\Documents and Settings\patrice\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\patrice\Mes documents\Mes fichiers reçus\SmitFraudfix: supprimé !
C:\Program Files\anti virus\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
ca y est j ai telechargé derniere version d adobe et java et crée point de restauration
merci de ton aide
patrice

salut
dis j ai encore outlock qui s ouvre seul?