Probleme virus vbs:malware-gen

me revoilà voici mon rapport monjackLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:24, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Free Download Manager\fdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4D1F5679-0BF9-4E11-B558-8B278B751B61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot

- Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\tuvUnOIy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {88944F77-2355-4E0F-835E-4DE2CC9686B2} - C:\WINDOWS\grfxbanobms.dll
O2 - BHO: (no name) - {8A44841D-5512-4851-949F-E233202AEBD3} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free

Download Manager\iefdm2.dll
O2 - BHO: (no name) - {F583225C-0154-4177-BD05-59A922D9BF32} - C:\WINDOWS\system32\yayaYssS.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program

Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program

Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft

Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program

Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program

Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program

Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager -

file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program

Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program

Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft

Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot -

Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free

Download Manager\FUM\fumiebtn.dll
O20 - AppInit_DLLs: psggry.dll jvogdk.dll
O20 - Winlogon Notify: tuvUnOIy - C:\WINDOWS\SYSTEM32\tuvUnOIy.dll
O21 - SSODL: ngwstxfd - {39C5A2C6-1AAE-4DDE-914F-477D28146814} - C:\WINDOWS\ngwstxfd.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service)

- Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers

communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program

Files\SPAMfighter\sfus.exe

voila le rapport smitfraud SmitFraudFix v2.365

Rapport fait à 21:35:23,34, 20/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Free Download Manager\fdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Free Download Manager\SmitfraudFix\Policies.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\ngwstxfd.dll PRESENT !
C:\WINDOWS\lomxeqsn.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: grfxbanobms.dll
BHO: QXK Olive - {88944F77-2355-4E0F-835E-4DE2CC9686B2}
TypeLib: {2809D613-C486-43B2-BC6F-A1B56685D346}
Interface: {580E204A-EF8A-44BC-8139-0EC9BA6C6F67}
Interface: {85567704-3032-4205-88AA-5C79CF57B1F2}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="psggry.dll jvogdk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

voila les 2 rapports SmitFraudFix v2.365

Rapport fait à 22:18:12,90, 20/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\grfxbanobms.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\ngwstxfd.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{39C5A2C6-1AAE-4DDE-914F-477D28146814}]
C:\WINDOWS\lomxeqsn.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F1BA5C5B-663A-48FA-999A-EB4B526E828B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F1BA5C5B-663A-48FA-999A-EB4B526E828B}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:50, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4D1F5679-0BF9-4E11-B558-8B278B751B61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\tuvUnOIy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {869A0FF2-AD80-45BE-A295-6079C9635157} - C:\WINDOWS\system32\yayaYssS.dll
O2 - BHO: QXK Olive - {88944F77-2355-4E0F-835E-4DE2CC9686B2} - C:\WINDOWS\grfxbanobms.dll (file missing)
O2 - BHO: (no name) - {8A44841D-5512-4851-949F-E233202AEBD3} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O20 - AppInit_DLLs: psggry.dll jvogdk.dll
O20 - Winlogon Notify: tuvUnOIy - C:\WINDOWS\SYSTEM32\tuvUnOIy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

voila cela a été un peu long, je te poste les 2 rapport
[10/20/2008, 23:04:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[10/20/2008, 23:04:20] - Detected System Information:
[10/20/2008, 23:04:20] - Windows Version: 5.1.2600, Service Pack 3
[10/20/2008, 23:04:20] - Current Username: Administrateur (Admin)
[10/20/2008, 23:04:20] - Windows is in NORMAL mode.
[10/20/2008, 23:04:20] - Searching for Browser Helper Objects:
[10/20/2008, 23:04:20] - BHO 1: {4D1F5679-0BF9-4E11-B558-8B278B751B61} ()
[10/20/2008, 23:04:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:20] - No filename found. Continuing.
[10/20/2008, 23:04:20] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/20/2008, 23:04:20] - BHO 3: {758F6D53-DCC7-4CCF-9080-4B6F9389F641} ()
[10/20/2008, 23:04:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:20] - Checking for HKLM\...\Winlogon\Notify\tuvUnOIy
[10/20/2008, 23:04:20] - Found: HKLM\...\Winlogon\Notify\tuvUnOIy - This is probably Virtumundo.
[10/20/2008, 23:04:20] - Assigning {758F6D53-DCC7-4CCF-9080-4B6F9389F641} MSEvents Object
[10/20/2008, 23:04:20] - BHO list has been changed! Starting over...
[10/20/2008, 23:04:20] - BHO 1: {4D1F5679-0BF9-4E11-B558-8B278B751B61} ()
[10/20/2008, 23:04:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:20] - No filename found. Continuing.
[10/20/2008, 23:04:20] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/20/2008, 23:04:21] - BHO 3: {758F6D53-DCC7-4CCF-9080-4B6F9389F641} (MSEvents Object)
[10/20/2008, 23:04:21] - ALERT: Found MSEvents Object!
[10/20/2008, 23:04:21] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/20/2008, 23:04:21] - BHO 5: {869A0FF2-AD80-45BE-A295-6079C9635157} ()
[10/20/2008, 23:04:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:21] - Checking for HKLM\...\Winlogon\Notify\yayaYssS
[10/20/2008, 23:04:21] - Key not found: HKLM\...\Winlogon\Notify\yayaYssS, continuing.
[10/20/2008, 23:04:21] - BHO 6: {88944F77-2355-4E0F-835E-4DE2CC9686B2} ()
[10/20/2008, 23:04:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:21] - No filename found. Continuing.
[10/20/2008, 23:04:21] - BHO 7: {8A44841D-5512-4851-949F-E233202AEBD3} ()
[10/20/2008, 23:04:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:21] - No filename found. Continuing.
[10/20/2008, 23:04:21] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/20/2008, 23:04:21] - BHO 9: {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} ()
[10/20/2008, 23:04:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:21] - No filename found. Continuing.
[10/20/2008, 23:04:21] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
[10/20/2008, 23:04:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:21] - No filename found. Continuing.
[10/20/2008, 23:04:21] - BHO 11: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[10/20/2008, 23:04:21] - Finished Searching Browser Helper Objects
[10/20/2008, 23:04:21] - *** Detected MSEvents Object
[10/20/2008, 23:04:21] - Trying to remove MSEvents Object...
[10/20/2008, 23:04:22] - Terminating Process: IEXPLORE.EXE
[10/20/2008, 23:04:22] - Terminating Process: RUNDLL32.EXE
[10/20/2008, 23:04:23] - Disabling Automatic Shell Restart
[10/20/2008, 23:04:23] - Terminating Process: EXPLORER.EXE
[10/20/2008, 23:04:23] - Suspending the NT Session Manager System Service
[10/20/2008, 23:04:23] - Terminating Windows NT Logon/Logoff Manager
[10/20/2008, 23:04:23] - Re-enabling Automatic Shell Restart
[10/20/2008, 23:04:23] - File to disable: C:\WINDOWS\system32\tuvUnOIy.dll
[10/20/2008, 23:04:24] - Renaming C:\WINDOWS\system32\tuvUnOIy.dll -> C:\WINDOWS\system32\tuvUnOIy.dll.vir
[10/20/2008, 23:04:24] - File successfully renamed!
[10/20/2008, 23:04:24] - Removing HKLM\...\Browser Helper Objects\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}
[10/20/2008, 23:04:24] - Removing HKCR\CLSID\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}
[10/20/2008, 23:04:24] - Adding Kill Bit for ActiveX for GUID: {758F6D53-DCC7-4CCF-9080-4B6F9389F641}
[10/20/2008, 23:04:24] - Deleting ATLEvents/MSEvents Registry entries
[10/20/2008, 23:04:24] - Removing HKLM\...\Winlogon\Notify\tuvUnOIy
[10/20/2008, 23:04:24] - Searching for Browser Helper Objects:
[10/20/2008, 23:04:24] - BHO 1: {4D1F5679-0BF9-4E11-B558-8B278B751B61} ()
[10/20/2008, 23:04:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:24] - No filename found. Continuing.
[10/20/2008, 23:04:24] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/20/2008, 23:04:24] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/20/2008, 23:04:25] - BHO 4: {869A0FF2-AD80-45BE-A295-6079C9635157} ()
[10/20/2008, 23:04:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:25] - Checking for HKLM\...\Winlogon\Notify\yayaYssS
[10/20/2008, 23:04:25] - Key not found: HKLM\...\Winlogon\Notify\yayaYssS, continuing.
[10/20/2008, 23:04:25] - BHO 5: {88944F77-2355-4E0F-835E-4DE2CC9686B2} ()
[10/20/2008, 23:04:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:25] - No filename found. Continuing.
[10/20/2008, 23:04:25] - BHO 6: {8A44841D-5512-4851-949F-E233202AEBD3} ()
[10/20/2008, 23:04:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:25] - No filename found. Continuing.
[10/20/2008, 23:04:25] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/20/2008, 23:04:25] - BHO 8: {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} ()
[10/20/2008, 23:04:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:25] - No filename found. Continuing.
[10/20/2008, 23:04:25] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ()
[10/20/2008, 23:04:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 23:04:25] - No filename found. Continuing.
[10/20/2008, 23:04:25] - BHO 10: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[10/20/2008, 23:04:25] - Finished Searching Browser Helper Objects
[10/20/2008, 23:04:25] - Finishing up...
[10/20/2008, 23:04:25] - A restart is needed.
[10/20/2008, 23:04:25] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[10/20/2008, 23:04:31] - Attempting to Restart via STOP error (Blue Screen!)

je te poste maintenant le rapport hijackLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:35, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4D1F5679-0BF9-4E11-B558-8B278B751B61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88944F77-2355-4E0F-835E-4DE2CC9686B2} - (no file)
O2 - BHO: (no name) - {8A44841D-5512-4851-949F-E233202AEBD3} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BC1BB0C7-C015-4E3C-8509-78797A2FFD58} - C:\WINDOWS\system32\yayaYssS.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O20 - AppInit_DLLs: psggry.dll jvogdk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

voici le rapport hijackLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:07:25, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4D1F5679-0BF9-4E11-B558-8B278B751B61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88944F77-2355-4E0F-835E-4DE2CC9686B2} - (no file)
O2 - BHO: (no name) - {8A44841D-5512-4851-949F-E233202AEBD3} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97749EA3-0E8A-4B92-A4F4-FEC5955A044F} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O20 - AppInit_DLLs: psggry.dll jvogdk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

merci a toi je lance tout ca et si je fini trop tard je t'envoie le tout demain ,encore merci pour ton aide et bonne nuit

bonjour comme prevu je te poste le rapport MalwareByte's et le rapport hijack en suivant, je part au boulot et me reconnecteré enfin d'apres midi , bonne journée et encore merçiMalwarebytes' Anti-Malware 1.29
Version de la base de données: 1298
Windows 5.1.2600 Service Pack 3

21/10/2008 06:27:03
mbam-log-2008-10-21 (06-27-03).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 102802
Temps écoulé: 2 hour(s), 3 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 159

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yayaYssS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\psggry.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jvogdk.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe0a5349-7788-4d2d-bdbb-b9e2fc3335cd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fe0a5349-7788-4d2d-bdbb-b9e2fc3335cd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6ed87bb9-6204-4292-aa03-629672af8655} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fcf63b4-8c52-417c-b538-225013f29ff4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe254929-949f-4615-a1fe-2d32518b2820} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{812ff14f-e17b-4f8a-b6a5-f39dbb2e29f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{db6633ad-12a9-4aa5-a33a-2f9aed6078d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f1ebacef-d6bf-4d1d-851a-90895eca9448} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{85134ee0-0f54-4d88-a9f2-b58cbbfcb2b2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b8438c60-53fc-4988-be0a-6d1493c44597} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3ee73149-fd0a-4c42-9e2e-9d8447921004} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71415d43-91b6-405f-8a71-1ebc6d0fb14e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Eeshellx.ShellExt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1f576f3f-11b0-4be6-94e2-612d51f26222} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ffdd8945-97e3-41e5-a4f0-bae3dc1b9f2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df2dfebe-5e53-4414-9456-6361d7777639} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.bsov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayaysss -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayaysss -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\SmartVideoCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MediaVideoCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Help (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yayaYssS.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\SssYayay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SssYayay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avmygonl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lnogymva.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbbpajoc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cojapbbg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcdsjiji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijijsdck.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psggry.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jvogdk.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{54B61D26-4FC8-429D-B011-7847C18A6D8F}\RP1\A0000130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\qrbgltos.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwXonL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jhccxmix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDSIcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lzowtv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oomrxgbr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjdbdbpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUnOIy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaBSmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\programmes\Pack validation wga définitif\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Ee.exe (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\INSTALL.LOG (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\License.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\ReadMe.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\UNWISE.EXE (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\UNWISE.INI (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Config.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Drives.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Files.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\FilesContents.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Folders.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\FolderScans.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\IECookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\IEDownloadedKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\NSN4CookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\OE5ChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\PlugInSelections.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\ScanMasks.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\TBChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ASPack.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\EventLog.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoogleDesktop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoogleNavigation.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\J2 Messenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Opera Browser v4.02 Final.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Quicktime.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Player v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Telnet.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\YahooMessenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Help\ee.chm (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rosqxvmn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

bonjour comme convenue je te poste le rapport combo fix et un nouveau hijack ComboFix 08-10-19.04 - Administrateur 2008-10-21 19:18:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.243 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\inst.exe
C:\install\install.exe
C:\WINDOWS\etln.exe
C:\WINDOWS\system32\nsjuydjg.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-20 23:41 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-20 23:41 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 22:55 . 2008-10-20 22:55 <REP> d-------- C:\Program Files\CCleaner
2008-10-20 20:51 . 2008-10-20 20:51 <REP> d-------- C:\Program Files\Trend Micro
2008-10-19 19:23 . 2002-03-22 00:20 204,849 --a------ C:\WINDOWS\system32\DLL32.DLL
2008-10-19 19:23 . 2002-03-31 19:35 6,144 --a------ C:\WINDOWS\system32\DLL16.DLL
2008-10-19 14:32 . 2008-10-19 14:32 218 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-10-19 14:30 . 2008-10-19 14:49 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-19 14:14 . 2008-10-19 14:14 <REP> dr-h----- C:\AHCache
2008-10-19 13:48 . 2008-10-19 13:48 4,096 --a------ C:\WINDOWS\system32\Run32.dll
2008-10-19 13:40 . 2008-10-19 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-10-19 13:39 . 2008-10-19 19:21 <REP> d-------- C:\Program Files\Uniblue
2008-10-19 12:47 . 2008-10-21 19:20 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-19 12:35 . 2008-10-19 12:35 1,529,619 --a------ C:\upload_moi_TITANIUM.tar.gz
2008-10-19 08:57 . 2008-10-19 08:57 <REP> d--hs---- C:\Documents and Settings\Administrateur\PrivacIE
2008-10-19 08:45 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-13 15:51 . 2008-10-13 15:51 <REP> d-------- C:\Program Files\MSBuild
2008-10-13 15:46 . 2008-10-19 14:40 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-13 15:45 . 2008-10-13 15:45 <REP> d-------- C:\Program Files\Reference Assemblies
2008-10-13 15:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-13 02:02 . 2008-10-13 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-13 01:34 . 2008-10-13 01:34 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-13 01:31 . 2008-10-13 01:31 <REP> d-------- C:\Program Files\Windows Sidebar
2008-10-12 23:02 . 2008-10-13 01:50 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-10-12 21:55 . 2008-10-13 01:33 <REP> d-------- C:\Program Files\Nero
2008-10-12 21:55 . 2008-10-13 02:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-12 20:35 . 2008-10-12 20:39 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-03 19:19 . 2008-10-03 19:19 <REP> d-------- C:\Program Files\K!TV
2008-10-03 18:27 . 2008-10-03 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-01 07:14 . 2008-10-01 07:14 <REP> d-------- C:\Program Files\AVSMedia
2008-09-29 21:01 . 2008-09-29 21:01 674,816 --a------ C:\WINDOWS\is-E3JQV.exe
2008-09-29 21:01 . 2008-09-29 21:01 13,788 --a------ C:\WINDOWS\is-E3JQV.msg
2008-09-29 21:01 . 2008-09-29 21:01 3,103 --a------ C:\WINDOWS\is-E3JQV.lst
2008-09-29 19:41 . 2007-02-27 19:36 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-09-29 19:41 . 2007-02-27 19:36 221,215 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-10-21 15:51 --------- d-----w C:\Program Files\SPAMfighter
2008-10-20 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 19:33 --------- d-----w C:\Program Files\Free Download Manager
2008-10-19 13:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVS Video Converter
2008-10-18 07:35 --------- d-----w C:\Program Files\Navilog1
2008-10-12 19:59 --------- d-----w C:\Program Files\Ahead
2008-10-12 17:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-10-10 11:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Vso
2008-10-01 05:15 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-29 18:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVSMedia
2008-09-20 13:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\GrabIt
2008-09-16 07:56 --------- d-----w C:\Program Files\iWizz
2008-09-14 07:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SPAMfighter
2008-09-14 07:49 --------- d-----w C:\Program Files\Fichiers communs\Application
2008-09-14 07:49 --------- d-----w C:\Program Files\Fichiers communs\Ankiro
2008-09-14 07:44 --------- d-----w C:\Program Files\Goto Software
2008-09-14 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\VadeRetro
2008-09-14 06:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VadeRetro
2008-09-06 08:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 07:55 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-28 19:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Software Informer
2008-08-28 19:38 --------- d-----w C:\Program Files\Software Informer
2007-11-30 18:59 47,360 -c--a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
2007-02-20 15:53 56 -csh--r C:\WINDOWS\system32\4E1C7529FE.sys
2007-03-01 09:46 8 -csh--r C:\WINDOWS\system32\B2D2434362.sys
2008-01-29 09:18 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"nwiz"="nwiz.exe" [2005-02-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=psggry.dll jvogdk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 17:27 2474031 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2007-12-31 00:14 253952 C:\Program Files\Free Download Manager\FUM\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe /m
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" -autorun
"Free Uploader Oe Integration"=C:\Program Files\Free Download Manager\FUM\fumoei.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:emule
"7571:UDP"= 7571:UDP:emule
"7195:TCP"= 7195:TCP:emule
"7222:UDP"= 7222:UDP:emule
"7185:TCP"= 7185:TCP:emule

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 184968]
R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 6369]
S3 dz2kscsi;dz2kscsi;C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys [2003-07-09 10624]
S3 dz2kusb;dz2kusb;C:\WINDOWS\system32\DRIVERS\dz2kusb.sys [2002-07-29 11392]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
.
Contenu du dossier 'Tâches planifiées'

2008-10-13 C:\WINDOWS\Tasks\NeroLiveEpgUpdate-TITANIUM_Administrateur.job
- C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{4D1F5679-0BF9-4E11-B558-8B278B751B61} - (no file)
BHO-{88944F77-2355-4E0F-835E-4DE2CC9686B2} - (no file)
BHO-{8A44841D-5512-4851-949F-E233202AEBD3} - (no file)
BHO-{97749EA3-0E8A-4B92-A4F4-FEC5955A044F} - (no file)
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - (no file)
MSConfigStartUp-Evidence Eliminator - C:\PROGRA~1\Evidence Eliminator\ee.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qxj9jqbi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:21:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 19:23:19 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2008-10-21 17:23:15

Avant-CF: 29,217,701,888 octets libres
Après-CF: 29,109,030,912 octets libres

209 --- E O F --- 2008-10-14 01:01:11

VOICI LE RAPPORT HIJACK Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:50, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O20 - AppInit_DLLs: psggry.dll jvogdk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\is-e3jqv.exe rapport: Fichier is-E3JQV.exe reçu le 2008.10.21 20:33:39 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/36 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.21 -
AntiVir 7.9.0.5 2008.10.21 -
Authentium 5.1.0.4 2008.10.21 -
Avast 4.8.1248.0 2008.10.21 -
AVG 8.0.0.161 2008.10.21 -
BitDefender 7.2 2008.10.21 -
CAT-QuickHeal 9.50 2008.10.21 -
ClamAV 0.93.1 2008.10.21 -
DrWeb 4.44.0.09170 2008.10.21 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6161 2008.10.21 -
Ewido 4.0 2008.10.21 -
F-Prot 4.4.4.56 2008.10.21 -
F-Secure 8.0.14332.0 2008.10.21 -
Fortinet 3.113.0.0 2008.10.21 -
GData 19 2008.10.21 -
Ikarus T3.1.1.44.0 2008.10.21 -
K7AntiVirus 7.10.501 2008.10.21 -
Kaspersky 7.0.0.125 2008.10.21 -
McAfee 5409 2008.10.21 -
Microsoft 1.4005 2008.10.21 -
NOD32 3543 2008.10.21 -
Norman 5.80.02 2008.10.21 -
Panda 9.0.0.4 2008.10.21 -
PCTools 4.4.2.0 2008.10.21 -
Prevx1 V2 2008.10.21 -
Rising 20.67.12.00 2008.10.21 -
SecureWeb-Gateway 6.7.6 2008.10.21 -
Sophos 4.34.0 2008.10.21 -
Sunbelt 3.1.1741.1 2008.10.21 -
Symantec 10 2008.10.21 -
TheHacker 6.3.1.0.121 2008.10.21 -
TrendMicro 8.700.0.1004 2008.10.21 -
VBA32 3.12.8.8 2008.10.21 -
ViRobot 2008.10.21.1430 2008.10.21 -
VirusBuster 4.5.11.0 2008.10.21 -
Information additionnelle
File size: 674816 bytes
MD5...: 0caa20daaf9a87e23619dc7f65d1f3ed
SHA1..: 00caa8c935810bc5f03a3483086951f0a3760213
SHA256: 2654249d6c2f93897d30890614ed0664f6bd36ca9d5ef6f3eb3e7620d0e1e394
SHA512: 513989dcd524bf8d2093c6ba4b55e70bbe25877ae682a4587014a33353e1a051
a64892ce9e3f38157ee19e07cee5524563f5b9c03261292a4aaa5c18c7ccc230
PEiD..: -
TrID..: File type identification
Windows OCX File (86.8%)
Win32 Executable Delphi generic (10.3%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x48dc1c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x8ce48 0x8d000 6.58 9d68ea4cb75db17f74b821434e184b09
DATA 0x8e000 0xf40 0x1000 4.32 3f997a7e74972798a948f7a2691e137b
BSS 0x8f000 0x135c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x91000 0x253c 0x2600 5.00 6fce904ca80cb833702afa99b2721f0f
.tls 0x94000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x95000 0x18 0x200 0.21 f86754efe5fa890325ad6119f20442ae
.reloc 0x96000 0x80e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x9f000 0x14000 0x14000 4.96 fc312eb834180a60886e77f3adc948dd

( 17 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
> user32.dll: MessageBoxA
> oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
> kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle
> mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx
> comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls
> ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
> oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
> shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA
> shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc
> comdlg32.dll: GetOpenFileNameA
> ole32.dll: CoDisconnectObject
> advapi32.dll: AdjustTokenPrivileges

rapport:C:\WINDOWS\is-E3JQV.lst : Fichier is-E3JQV.lst reçu le 2008.10.21 20:40:10 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/36 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.21 -
AntiVir 7.9.0.5 2008.10.21 -
Authentium 5.1.0.4 2008.10.21 -
Avast 4.8.1248.0 2008.10.21 -
AVG 8.0.0.161 2008.10.21 -
BitDefender 7.2 2008.10.21 -
CAT-QuickHeal 9.50 2008.10.21 -
ClamAV 0.93.1 2008.10.21 -
DrWeb 4.44.0.09170 2008.10.21 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6161 2008.10.21 -
Ewido 4.0 2008.10.21 -
F-Prot 4.4.4.56 2008.10.21 -
F-Secure 8.0.14332.0 2008.10.21 -
Fortinet 3.113.0.0 2008.10.21 -
GData 19 2008.10.21 -
Ikarus T3.1.1.44.0 2008.10.21 -
K7AntiVirus 7.10.501 2008.10.21 -
Kaspersky 7.0.0.125 2008.10.21 -
McAfee 5409 2008.10.21 -
Microsoft 1.4005 2008.10.21 -
NOD32 3543 2008.10.21 -
Norman 5.80.02 2008.10.21 -
Panda 9.0.0.4 2008.10.21 -
PCTools 4.4.2.0 2008.10.21 -
Prevx1 V2 2008.10.21 -
Rising 20.67.12.00 2008.10.21 -
SecureWeb-Gateway 6.7.6 2008.10.21 -
Sophos 4.34.0 2008.10.21 -
Sunbelt 3.1.1741.1 2008.10.21 -
Symantec 10 2008.10.21 -
TheHacker 6.3.1.0.121 2008.10.21 -
TrendMicro 8.700.0.1004 2008.10.21 -
VBA32 3.12.8.8 2008.10.21 -
ViRobot 2008.10.21.1430 2008.10.21 -
VirusBuster 4.5.11.0 2008.10.21 -
Information additionnelle
File size: 3103 bytes
MD5...: ecd96d1196a82973fd3b3e9a8105badf
SHA1..: 46343966421f0cf79185ff9a863829009e44e521
SHA256: 56fb925e75b5734cf185568d85e72e6f0d31b14c5f161271c8501619d458092e
SHA512: 7d3204e55788b68f6cbe84c2d6d7787518ac60933c662a2b429da37ff3e238d2
ade4dec9273b14a1c72d14a1524100e87cdddb3c61d169602df009442b049f4e
PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -

finalement me revoilà:ComboFix 08-10-19.04 - Administrateur 2008-10-21 23:53:42.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.236 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Program Files\Evidence Eliminator\ee.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 23:41 . 2008-10-20 23:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-20 23:41 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-20 23:41 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 22:55 . 2008-10-20 22:55 <REP> d-------- C:\Program Files\CCleaner
2008-10-20 20:51 . 2008-10-20 20:51 <REP> d-------- C:\Program Files\Trend Micro
2008-10-19 19:23 . 2002-03-22 00:20 204,849 --a------ C:\WINDOWS\system32\DLL32.DLL
2008-10-19 19:23 . 2002-03-31 19:35 6,144 --a------ C:\WINDOWS\system32\DLL16.DLL
2008-10-19 14:32 . 2008-10-19 14:32 218 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-10-19 14:30 . 2008-10-19 14:49 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-19 14:14 . 2008-10-19 14:14 <REP> dr-h----- C:\AHCache
2008-10-19 13:48 . 2008-10-19 13:48 4,096 --a------ C:\WINDOWS\system32\Run32.dll
2008-10-19 13:40 . 2008-10-19 14:56 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uniblue
2008-10-19 13:39 . 2008-10-19 19:21 <REP> d-------- C:\Program Files\Uniblue
2008-10-19 12:47 . 2008-10-21 23:52 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-19 12:35 . 2008-10-19 12:35 1,529,619 --a------ C:\upload_moi_TITANIUM.tar.gz
2008-10-19 08:57 . 2008-10-19 08:57 <REP> d--hs---- C:\Documents and Settings\Administrateur\PrivacIE
2008-10-19 08:45 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-13 15:51 . 2008-10-13 15:51 <REP> d-------- C:\Program Files\MSBuild
2008-10-13 15:46 . 2008-10-19 14:40 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-13 15:45 . 2008-10-13 15:45 <REP> d-------- C:\Program Files\Reference Assemblies
2008-10-13 15:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-13 02:02 . 2008-10-13 15:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-13 01:34 . 2008-10-13 01:34 4,767 --a------ C:\WINDOWS\Irremote.ini
2008-10-13 01:31 . 2008-10-13 01:31 <REP> d-------- C:\Program Files\Windows Sidebar
2008-10-12 23:02 . 2008-10-13 01:50 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-10-12 21:55 . 2008-10-13 01:33 <REP> d-------- C:\Program Files\Nero
2008-10-12 21:55 . 2008-10-13 02:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-12 20:38 . 2008-10-12 20:38 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-12 20:35 . 2008-10-12 20:39 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-03 19:19 . 2008-10-03 19:19 <REP> d-------- C:\Program Files\K!TV
2008-10-03 18:27 . 2008-10-03 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-01 07:14 . 2008-10-01 07:14 <REP> d-------- C:\Program Files\AVSMedia
2008-09-29 21:01 . 2008-09-29 21:01 674,816 --a------ C:\WINDOWS\is-E3JQV.exe
2008-09-29 21:01 . 2008-09-29 21:01 13,788 --a------ C:\WINDOWS\is-E3JQV.msg
2008-09-29 21:01 . 2008-09-29 21:01 3,103 --a------ C:\WINDOWS\is-E3JQV.lst
2008-09-29 19:41 . 2007-02-27 19:36 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-09-29 19:41 . 2007-02-27 19:36 221,215 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 21:46 --------- d-----w C:\Program Files\Navilog1
2008-10-21 21:40 --------- d-----w C:\Program Files\SPAMfighter
2008-10-21 17:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-10-20 20:19 2,362 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-20 19:33 --------- d-----w C:\Program Files\Free Download Manager
2008-10-19 13:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVS Video Converter
2008-10-12 19:59 --------- d-----w C:\Program Files\Ahead
2008-10-12 17:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-10-10 11:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Vso
2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 06:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-10-01 05:15 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-29 18:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVSMedia
2008-09-20 13:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\GrabIt
2008-09-16 07:56 --------- d-----w C:\Program Files\iWizz
2008-09-14 07:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SPAMfighter
2008-09-14 07:49 --------- d-----w C:\Program Files\Fichiers communs\Application
2008-09-14 07:49 --------- d-----w C:\Program Files\Fichiers communs\Ankiro
2008-09-14 07:44 --------- d-----w C:\Program Files\Goto Software
2008-09-14 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\VadeRetro
2008-09-14 06:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VadeRetro
2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-06 08:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-06 07:55 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-06 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-28 19:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Software Informer
2008-08-28 19:38 --------- d-----w C:\Program Files\Software Informer
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-11-30 18:59 47,360 -c--a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
2007-02-20 15:53 56 -csh--r C:\WINDOWS\system32\4E1C7529FE.sys
2007-03-01 09:46 8 -csh--r C:\WINDOWS\system32\B2D2434362.sys
2008-01-29 09:18 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-21_19.22.44.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-21 21:39:52 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"nwiz"="nwiz.exe" [2005-02-24 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 17:27 2474031 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2007-12-31 00:14 253952 C:\Program Files\Free Download Manager\FUM\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" -autorun
"Free Uploader Oe Integration"=C:\Program Files\Free Download Manager\FUM\fumoei.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:emule
"7571:UDP"= 7571:UDP:emule
"7195:TCP"= 7195:TCP:emule
"7222:UDP"= 7222:UDP:emule
"7185:TCP"= 7185:TCP:emule

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-29 184968]
R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 171264]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 6369]
S3 dz2kscsi;dz2kscsi;C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys [2003-07-09 10624]
S3 dz2kusb;dz2kusb;C:\WINDOWS\system32\DRIVERS\dz2kusb.sys [2002-07-29 11392]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
.
Contenu du dossier 'Tâches planifiées'

2008-10-13 C:\WINDOWS\Tasks\NeroLiveEpgUpdate-TITANIUM_Administrateur.job
- C:\Program Files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 23:55:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-21 23:56:34
ComboFix-quarantined-files.txt 2008-10-21 21:56:27
ComboFix2.txt 2008-10-21 17:23:20

Avant-CF: 29 104 164 864 octets libres
Après-CF: 29,088,649,216 octets libres

198 --- E O F --- 2008-10-14 01:01:11

bonjours ske69 cela a été un peu long mais j'ai enfin réussi a faire le scan en ligne avec kaspersky je te poste le rapport ainsi que celui de tcleanner, de plus le logo avast en bas a droite disparait a chaque démarrage,je suis obligé de le remettre a chaque fois en allant sur C:\Program Files\Alwil Software\Avast4\ashDisp. j'ai aussi un souci avec les alertes de sécurité windows impossible de réactiver les mise a jours automatiques. je me reconnecterai en fin d'après midi ,bonne journée à toi.[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
KASPERSKY ON-LINE SCANNER REPORT
Thursday, October 23, 2008 6:55:07 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 22/10/2008
Enregistrements dans la base antivirus Kaspersky : 1195371
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 60599
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:06:57

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qxj9jqbi.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qxj9jqbi.default\content-prefs.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\SPAMfighter\Logs\Agent.log.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012008102220081023\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\temp\Free Download Manager\tic1F0A.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Nero\Nero BackItUp 4\Cache\BIU1.txt L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{54B61D26-4FC8-429D-B011-7847C18A6D8F}\RP2\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{54B61D26-4FC8-429D-B011-7847C18A6D8F}\RP2\change.log L'objet est verrouillé ignoré
Analyse terminée.

salut ;problèmes résolu pour avast et mise a jours automatiques pour conbo fix il me dit que windows ne trouve pas combofix.je te poste aussi un rapport hijack:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:29, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Free Download Manager\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

voila je te poste le dernier rapport t cleaner ,j'ai suivi toutes tes autres recommandations et et apparemment tout a l'air de fonctionner parfaitement ;dois je faire autre chose? est-il nécessaire de faire une image ghost de mon ordinateur pour le sauvegarder maintenant qu' il fonctionne normalement.,et si oui avec quel programme .merci une fois de plus pour ton aide précieuse et le temps que tu à passé pour solutionner mon problème . bonne soirée a toi.

excuse moi j'ai oublié de te poster le rapport t cleaner :le voici et encore merci pour tes conseilles avisée [ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !