Trojan still there

myrpa -
Anonymous user -
Hello,

sorry to bother you, but my PC has caught the flu too.

I'm taking the liberty of sending you the report.

If you can do something for me, that would be kind.

thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:14:39, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\explorer.exe
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [401ae2ab] rundll32.exe "E:\WINDOWS\system32\fghbrpfp.dll",b
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [84110605906631516267167190579841] E:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [ieupdate] "E:\WINDOWS\system32\explorer32.exe"
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: eovrpb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Anonymous user
 
Hi,

start with this:

▶ Install - Download SmitfraudFix (by S!Ri, balltrap34 and moe31)

Option 1 => Search:

Double-click SmitfraudFix.exe

Select 1 and press Enter in the menu to create

▶ a report of the files responsible for the infection. The report is at the root of the system drive,

C:\rapport.txt; paste the generated report on the forum.

Do not run option 2 without the advice of a competent person*<=

SmitfraudFix tutorial

If a report won't go through, raise an alert to the conciergerie with the yellow /!\.
myrpa
 
after following your instructions, here is the report
SmitFraudFix v2.387

Rapport fait à 12:00:57,59, 30/12/2008
Executé à partir de E:\Program Files\FlashGet\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Applications\Microsoft Office\Office10\OUTLOOK.EXE
C:\Applications\Microsoft Office\Office10\WINWORD.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\FlashGet\SmitfraudFix\Policies.exe
E:\WINDOWS\system32\cmd.exe
Anonymous user
 
Re,

Your SmitfraudFix report isn't complete..
myrpa
 
sorry, I didn't go all the way through. I'm not blonde, but....
SmitFraudFix v2.387

Rapport fait à 12:00:57,59, 30/12/2008
Executé à partir de E:\Program Files\FlashGet\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Applications\Microsoft Office\Office10\OUTLOOK.EXE
C:\Applications\Microsoft Office\Office10\WINWORD.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\FlashGet\SmitfraudFix\Policies.exe
E:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur\Application Data

E:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau

E:\DOCUME~1\ADMINI~1\Bureau\Antivirus 2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eovrpb.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: IEEE 802.11g USB Adapter - Odyssey Network Services Miniport
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Anonymous user
 
Re,

Now do this:

2) Cleaning:

Restart the computer in safe mode:

Double-click SmitfraudFix:

▶ Select 2 and press Enter in the menu to delete the files responsible for the infection.

▶ At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (oui, yes) and press Enter to unlock the desktop background and delete the infection's registry keys.

▶ The fix will determine whether the file wininet.dll is infected. At the question "Corriger le fichier infecté ?" (Fix the infected file?), answer O (oui, yes) and press Enter to replace the corrupted file.

▶ A restart may be necessary to finish the cleaning procedure. The report is at the root of the system drive: C:\rapport.txt

Option:

* To clear the list of trusted and restricted sites, select 3 and press Enter in the menu.

At the question "Réinitialiser la liste des sites de confiance et sensibles ?" (Reset the list of trusted and restricted sites?), answer O (oui, yes) and press Enter to restore the trusted and restricted zones.

FALSE POSITIVE:

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

If a report won't go through, raise an alert to the conciergerie with the yellow /!\.
MYRPA
 
here is the new report

now I have windows (ads) opening in English


SmitFraudFix v2.387

Rapport fait à 16:51:10,00, 30/12/2008
Executé à partir de E:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: IEEE 802.11g USB Adapter - Odyssey Network Services Miniport
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{256508EC-4B3B-48EB-BD86-85AA920EFC87}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Anonymous user
 
Re,

Patience.......

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports
(log.txt & info.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report won't go through, raise an alert to the conciergerie with the yellow /!\.
myrpa
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2008-12-30 17:29:03
Microsoft Windows XP Professionnel Service Pack 2
System drive E: has 12 GB (40%) free of 31 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:12, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\FlashGet\flashget.exe
C:\Downloads\RSIT.exe
C:\Downloads\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A03942E-87EF-4BCC-B529-7C126185373E} - E:\WINDOWS\system32\urqolKBu.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\awtsTNFw.dll
O2 - BHO: {b83dcfe6-d2ba-4bd9-7bd4-aa06ebf7f54a} - {a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} - E:\WINDOWS\system32\eovrpb.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {C8F3F067-79C3-4757-A705-C52042BA6972} - E:\WINDOWS\system32\mlJDSjiH.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [401ae2ab] rundll32.exe "E:\WINDOWS\system32\fghbrpfp.dll",b
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [84110605906631516267167190579841] E:\Program Files\Antivirus 2009\av2009.exe
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: eovrpb.dll
O20 - Winlogon Notify: awtsTNFw - E:\WINDOWS\SYSTEM32\awtsTNFw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
Anonymous user
 
Re,

Download and install MalwareByte's Anti-Malware
Malwarebyte

Update it

▶ Double-click the MalwareByte's Anti-Malware shortcut on the desktop.

▶ Select "Perform full scan" if it isn't already selected

▶ click Scan

▶ Once the scan is finished, a window opens; click OK

If MalwareByte's detected nothing, click OK. A report will appear; close it.

If MalwareByte's detected infections, click "Show Results" then "Remove Selected"

Save the report to your desktop so it is easier to find, then post that report.

Note: if MalwareByte's needs to restart to finish the removal, accept by clicking OK

If a report won't go through, raise an alert to the conciergerie with the yellow /!\.

MalwareByte's tutorial
myrpa
 
and here is the rest

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1577
Windows 5.1.2600 Service Pack 2

30/12/2008 19:32:37
mbam-log-2008-12-30 (19-32-37).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 199264
Temps écoulé: 1 hour(s), 4 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 171

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
E:\WINDOWS\system32\fghbrpfp.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\mlJDSjiH.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\eovrpb.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\awtsTNFw.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtstnfw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a45f7fbe-60aa-4db7-9db4-ab2d6efcd38b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8f3f067-79c3-4757-a705-c52042ba6972} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IST (Trojan.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\401ae2ab (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84110605906631516267167190579841 (Rogue.Antivirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\mljdsjih -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\mljdsjih -> Delete on reboot.

Dossier(s) infecté(s):
E:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
E:\WINDOWS\system32\awtsTNFw.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\eovrpb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\mlJDSjiH.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\HijSDJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\HijSDJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fghbrpfp.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\pfprbhgf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP881\A0068379.com (Backdoor.RBot) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069017.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069084.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069096.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069099.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP882\A0069115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0069133.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0069158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{BD73606E-30DE-405A-B945-0485062239E7}\RP883\A0070183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXOIcaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXPgedb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXQhhEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXqOhIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXRIcAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXRIxUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccaBrqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccbATlI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccbcaba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccbcbAQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccccbxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccccDst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\fccyvULc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnkjIxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnkkliG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnkkllK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnlJaYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnlKBsQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnlMcdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnmKEvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnnnLFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnomjjI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnooLCt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\opnopqQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnljJCr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnlkiFW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnlmnOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnMDUkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnMeBQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnMGAqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnmlmll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnnLDUn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnnNfDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnOfDwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rqRKETml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rqRkKEwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rqRLcDTn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\rqRLdBtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wbfmoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vnrmsf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\geBuUnkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtqqpQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtrSiHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtrSjJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtsRlJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtTmLfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awttqqOH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awturOEV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtuuVPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\awtuVMGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\efcBqpPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\efcBTmJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\efcCrPfE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\efcYQJbY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hgGwVNDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hgGxWnLF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hgGxXrSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hgGyvVpO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifcCsTL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifdbYoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifdCrqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifdcyvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifDwvSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifebCSm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifeeEVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iiffDWMf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\iifFYSMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\lqauqpsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\mlJBSJDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\mlJBSjkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\mlJCUkLD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\mlJDtuVL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tuvSkIYp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tuvTlKDv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tuvWnlmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tuvWPHXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqOGvUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqPgEVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqPgGAS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqPJYoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqRIBQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqRLddE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ssqrSMdB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\khfCuSlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\khffEuro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\khfFXrQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\urqOEtur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\urqPggdE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\urqPhgee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\urqPiGVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnkHaAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnkIyVO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnmmkiF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnnOEtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnnOiFv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\nnnoLCvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXNeBtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXPJBRH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXQHaXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXQHYPI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXRjhed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\byXrrRLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUlMcAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUkiFXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvoaue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUkLCro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUliJdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUmjGVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUmkjGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUnOFvU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wvUnomjK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qoMCsRHA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qoMeDVPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qoMExVOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qyrismqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ljJARHxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ljJCULFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ljJYPgHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jkkHXqrO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jkkJaawv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jkkJawxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jkkjIbxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\jkkLeDWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxyWOihI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxywWmkH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxyXNhhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxyyWPHY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayaAtSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayAQGWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayaXPFy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayvTnmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayvWpnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayvWqpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayWQHXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yaywWnOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayxXPFw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\oxpokkiv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pabwcrjq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcBSLcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcBSMed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddccdArR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcCSIbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcCVOGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcDtRjJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcDvwWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcDwvsq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcyaXpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcYOeBu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\ddcYsRHW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUmKCro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUmnMfE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUnnKDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUOiGaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUoOHbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\vtUopPjK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
Re,

Very good, there was quite a lot of stuff in there...

Restart your PC and make me another log with RSIT.
0
myrpa
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2008-12-30 20:22:09
Microsoft Windows XP Professionnel Service Pack 2
System drive E: has 12 GB (40%) free of 31 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:10, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\FlashGet\flashget.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\RSIT.exe
C:\Downloads\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A03942E-87EF-4BCC-B529-7C126185373E} - E:\WINDOWS\system32\urqolKBu.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: eovrpb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
0
Utilisateur anonyme
 
Re,

There are still some left!!

ComboFix. Careful, this tool is very powerful; misuse can do damage...

Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENSES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any and I didn't see them in the HijackThis report....)

---> Above all, if you run into difficulties at this point, tell me before continuing...

---> I advise you to install the Recovery Console (see the tutorial).

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: don't use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point: click the red X at the top right of the window to close it.

The report will be created at: C:\Combofix.txt, please post it here.

If a report won't go through, raise an alert with the conciergerie using the yellow /!\.
0
myrpa
 
I got rid of Avast; do I have to get rid of Malwarebytes and SmitfraudFix too?
0
myrpa
 
I think tonight is a no-go, I don't have a floppy disk or the CD on hand.

See you later, have a good evening.
0
Utilisateur anonyme
 
Re,

The Recovery Console is recommended but not mandatory.

Disable your defenses and run ComboFix.

SmitfraudFix and Malwarebytes don't affect running ComboFix.
0
MYRPA
 
Thanks a lot for your help, my system seems more and more stable :)
Here are the contents of the combofix.txt file:

ComboFix 08-12-30.02 - Administrateur 2008-12-31 12:08:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.181 [GMT 1:00]
Lancé depuis: e:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\lxlmqenh.ini
e:\windows\system32\prahbghr.ini
e:\windows\system32\tmp.reg
e:\windows\system32\uBKloqru.ini
e:\windows\system32\uBKloqru.ini2
e:\windows\system32\upsmegdv.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
.

2008-12-30 18:27 . 2008-12-30 18:27 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-30 18:26 . 2008-12-30 18:26 <REP> d-------- E:\Malwarebytes' Anti-Malware
2008-12-30 18:26 . 2008-12-30 18:26 <REP> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 18:26 . 2008-12-03 19:52 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 18:26 . 2008-12-03 19:52 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-12-30 17:29 . 2008-12-30 17:29 <REP> d-------- E:\rsit
2008-12-27 19:00 . 2008-12-29 16:14 <REP> d-------- E:\MSNFix
2008-12-27 19:00 . 2008-12-27 19:00 1,695,738 --a------ E:\MSNFix.7z
2008-12-16 14:43 . 2008-12-16 14:43 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Eyeblaster
2008-12-02 15:48 . 2008-12-02 15:48 <REP> d-------- e:\documents and settings\All Users\Application Data\GameHouse
2008-11-26 17:20 . 2008-11-26 17:20 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Playrix Entertainment
2008-11-26 15:57 . 2008-11-26 16:01 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Ancient Quest of Saqqarah__gamehouse
2008-11-18 13:03 . 2008-11-18 13:03 <REP> d-------- e:\program files\uTorrent
2008-11-18 13:03 . 2008-12-24 06:44 <REP> d-------- e:\documents and settings\Administrateur\Application Data\uTorrent
2008-11-18 09:45 . 2008-11-18 09:45 <REP> d-------- e:\documents and settings\All Users\Application Data\NVIDIA
2008-11-07 12:41 . 2008-12-22 17:51 81,262 --a------ e:\windows\SGTBox.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:18 --------- d-----w e:\program files\FlashGet
2008-12-25 18:09 --------- d-----w e:\program files\eMule
2008-12-23 11:15 --------- d-----w e:\program files\PCStitch 7
2008-12-16 13:42 --------- d-----w e:\program files\Zylom Games
2008-12-14 08:34 --------- d-----w e:\program files\Windows Live Safety Center
2008-11-26 16:20 --------- d-----w e:\documents and settings\Administrateur\Application Data\Zylom
2008-11-08 20:44 --------- d--h--w e:\program files\InstallShield Installation Information
2008-11-08 20:44 --------- d-----w e:\program files\Micro Application
2008-11-05 19:50 --------- d-----w e:\program files\PCStitch Pro
2008-09-13 15:20 23,352 ----a-w e:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-02-07 18:53 81,920 ----a-w e:\documents and settings\Administrateur\Application Data\ezpinst.exe
2007-02-07 18:53 47,360 ----a-w e:\documents and settings\Administrateur\Application Data\pcouffin.sys
2007-01-17 09:50 774,144 ----a-w e:\program files\RngInterstitial.dll
2007-01-08 18:29 54 ----a-w e:\program files\delir.gio
2004-08-09 21:30 40,960 ----a-w e:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
IEEE 802.11g USB Adapter Utility.lnk - e:\program files\Wireless\IEEE802.11g WLAN USB Adapter\Startup.EXE [2007-05-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eovrpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
"VIDC.VP40"= vp4vfw.dll
"vidc.avrn"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.advj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.mszh"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avimszh.dll
"vidc.zlib"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\avizlib.dll
"vidc.cscd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\camcodec.dll
"vidc.cvid"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\iccvid.dll
"msacm.trspch"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\tssoft32.acm
"vidc.em2v"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\etxcodec.dll
"vidc.mkvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll
"vidc.hfyu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\huffyuv.dll
"msacm.lameacm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\lameacm.acm
"msacm.lhacm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\lhacm.acm
"msacm.l3acm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\l3codecp.acm
"vidc.sjpg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.dmb2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.gepj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.qpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"vidc.q1.0"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"msacm.sl_anet"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\sl_anet.acm
"vidc.vifp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\vfcodec.dll
"vidc.wrpr"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\aviwrap.dll
"vidc.wnv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll
"vidc.advs"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.afli"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.aasc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll
"vidc.yv12"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll
"vidc.bt20"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"vidc.y41p"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"msacm.pcdv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll
"msacm.CoreFLAC_ACM"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm
"vidc.davc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll
"vidc.div3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div5"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.div6"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
"msacm.divxa32"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
"vidc.frwd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwt"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwa"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll
"vidc.frwu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll
"vidc.glzw"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Gabest\GPEG.dll
"vidc.i263"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
"vidc.iv30"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv31"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv32"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv33"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv34"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv35"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv36"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv37"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv38"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv39"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv40"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv42"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv43"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv44"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv45"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv46"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv47"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv48"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv49"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv50"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"msacm.imc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
"vidc.lead"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvcs"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dcmj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.dv25"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
"msacm.imaadpcm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
"msacm.msg711"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
"msacm.msg723"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
"msacm.msgsm610"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
"vidc.m261"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
"vidc.m263"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.i420"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.mrle"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
"vidc.uyvy"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yuy2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yvyu"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.msvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.cram"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.mp41"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp43"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4s"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4v"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.wmv3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
"msacm.msaudio1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
"vidc.vixl"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Miro\miroxl32.dll
"vidc.nt00"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
"vidc.vp30"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp31"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp60"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.vp61"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.pdvc"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.ipdv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.pvw2"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.dcap"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.mjpa"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.gpjm"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.pim1"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll
"vidc.rud0"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll
"msacm.at3"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm
"vidc.sony"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.dvcp"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.s422"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll
"vidc.t420"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll
"msacm.voxacm160"= c:\applications\Utilitaires\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm

[HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Pense-bête.lnk]
path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk
backup=e:\windows\pss\Pense-bête.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Personal Player.lnk]
path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Personal Player.lnk
backup=e:\windows\pss\Personal Player.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Trillian.lnk]
path=e:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Trillian.lnk
backup=e:\windows\pss\Trillian.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=e:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=e:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:54 15360 e:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-12-05 13:43 188416 e:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-07-26 18:14 1867776 e:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 10:50 155648 e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 e:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 e:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 e:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-06-28 20:29 32768 e:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-06-03 22:05 32881 e:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 18:14 35328 e:\program files\WINAMP\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 e:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-08 01:31 77824 e:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-05-13 05:57 53248 e:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2005-05-13 05:57 143360 e:\windows\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\utilitaire\\Applications\\Emule\\emule.exe"=
"e:\\Program Files\\eMule\\emule.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 NwSapAgent;Agent SAP;e:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 ZD1211U(Wireless);IEEE 802.11g USB Adapter Driver(Wireless);e:\windows\system32\DRIVERS\zd1211u.sys [2006-09-18 259584]
S3 maconfservice;Ma-Config Service;"e:\program files\ma-config.com\maconfservice.exe" [2008-07-25 191656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2A03942E-87EF-4BCC-B529-7C126185373E} - e:\windows\system32\urqolKBu.dll
MSConfigStartUp-DAEMON Tools - c:\applications\Utilitaires\DAEMON Tools\daemon.exe
MSConfigStartUp-ReJf5vH - e:\windows\wulhk.exe
MSConfigStartUp-SDR6V_Check - e:\program files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe
MSConfigStartUp-SurfAccuracy - e:\program files\SurfAccuracy\SAcc.exe
MSConfigStartUp-swg - e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - e:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-WindowsServicesStartup - e:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\applications\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Tout télécharger avec FlashGet - e:\program files\FlashGet\jc_all.htm
IE: Télécharger avec FlashGet - e:\program files\FlashGet\jc_link.htm
IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - c:\applications\Poker\mrbookmakerfrMPP\MPPoker.exe

O16 -: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
e:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - e:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: e:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: e:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: e:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll
FF - plugin: e:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: e:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 12:13:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
@Security="Inherited"
"??"=hex:78,c8,53,b4,23,12,41,4e,e5,30,09,d1,77,37,42,36,23,39,d7,f7,a2,23,1d,\
4a,ad,e1,22,db,28,28,ee,fc,0c,e1,f1,6a,23,7a,11,1e,85,4b,cb,a6,0a,d8,e6,85,\
86,3d,97,2a,8a,61,bb,85,7e,a9,8f,12,03,9c,fd,94,73,2d,ee,e3,ee,ff,0e,54,68,\
92,0c,cc,68,fd,b5,d8,83,b4,ba,9d,5d,06,67,55,56,19,53,5b,d0,c8,d6,43,c5,fc,\
e5,a6,ef,9b,de,93,18,1f,d6,3e,b6,0b,55,53,10,3f,26,30,24,2e,a4,7f,aa,82,6d,\
4b,35,4a,ba,41,a2,70,d5,5f,b3,e4,af,8a,4b,15,da,63,5c,68,be,86,98,01,c8,16,\
df,e8,da,ef,5f,90,23,4f,d2,26,24,0e,ee,40,20,d3,f0,34,fe,46,7e,33,79,00,19,\
a9,73,97,f3,66,a7,14,3a,48,64,98,11,aa,f3,58,2b,17,d2,bc,fb,19,9d,ab,72,b3,\
0d,37,71,7f,d4,40,55,4f,24,84,87,80,0c,06,08,f3,c5,5f,71,df,46,b5,77,e4,4b,\
7a,4c,cc,f2,bc,40,ac,30,1a,5b,c4,20,b1,16,a9,f1,9f,8b,8a,99,ac,e4,08,04,77,\
27,e4,c8,fb,29,60,8f,bc,8e,42,35,f2,dd,55,0a,5f,96,0d,65,72,92,0a,8d,d0,2f,\
1d,c4,b0,d1,6f,c4,94,26,96,b2,c0,b7,0f,75,99,8c,e3,30,74,f5,3e,cc,27,53,74,\
57,97,48,ad,ad,86,de,6a,a2,cf,b3,8d,9f,a8,f0,bd,c5,ea,0c,e5,6f,04,c6,8b,70,\
69,a9,fb,22,82,bf,2d,1b,0c,eb,f4,d4,7d,24,2a,8c,0a,fa,6a,86,dd,66,3f,95,bb,\
ba,b2,5a,4e,1d,09,1d,ce,9f,49,c3,60,dc,e1,b7,56,ca,52,00,c9,99,ee,45,25,2b,\
ff,c2,c6,73,69,98,7e,4a,d8,1a,13,d8,f2,52,81,ea,b1,f4,b1,90,2b,1c,0b,a7,e2,\
1c,c2,44,e1,5f,ee,49,60,6d,c4,5d,80,0c,0a,8a,75,66,48,15,52,f7,34,e5,ed,6f,\
5c,82,40,10,6c,eb,3e,31,28,e2,a5,60,a9,aa,17,5d,d3,b6,1d,03,2c,85,3b,f3,6b,\
8d,f3,6a,16,f9,0e,69,40,b3,aa,58,51,4c,ae,5d,3c,cd,b0,c0,79,90,79,a1,78,07,\
88,de,a0,37,6b,39,d9,b9,cb,60,c3,db,c4,03,b0,7d,2f,a6,cf,e5,32,37,f9,a2,60,\
58,e9,4d,04,04,95,5c,9b,e6,0b,b5,07,9b,d1,ad,07,bc,26,43,2c,97,9e,8c,3d,a5,\
bc,fe,5a,02,38,e8,58,ac,89,99,07,f1,e8,e9,eb,e9,96,fc,ad,5a,3d,8c,09,fe,ec,\
b3,23,1d,e5,5d,4b,e3,68,1d,8b,bf,a3,90,61,e6,7a,f7,7a,2b,77,ee,ab,e1,30,09,\
8b,8e,10,b3,c3,2b,50,02,91,68,3d,65,e4,40,75,d4,e6,13,f0,c6,38,48,00,5a,9c,\
c5,be,78,fc,bc,ac,03,db,db,b6,67,f0,b4,75,f7,b6,d7,76,1f,5b,f9,52,46,b2,92,\
3e,5c,84,dd,82,f0,b8,d0,22,0a,5e,a0,6d,0a,10,cd,0b,82,54,1d,5d,ad,3a,36,12,\
f1,56,22,40,f3,be,23,65,72,11,21,e1,8f,e0,b5,fe,bf,c6,64,09,d7,b3,b4,d8,c8,\
72,e5,46,7f,5a,35,3c,03,80,88,ee,24,c5,2b,2b,4f,3a,43,d3,60,37,78,b5,3f,d5,\
f4,6b,9f,75,4f,17,e0,7d,6c,9d,43,bd,c3,1c,e6,72,89,e4,de,5c,72,8f,6a,01,5b,\
83,d8,f8,06,90,28,7d,dc,03,0a,88,6a,a8,49,b7,17,37,ce,16,11,f3,5a,a4,5c,2a,\
ca,8f,96,41,5b,41,8b,49,1b,2f,3f,e5,f5,c4,0e,75,ee,04,fe,8c,02,1d,a4,2e,a1,\
0a,8a,47,30,d2,a6,bb,d6,0c,ee,f3,c7,bf,19,50,a9,ca,19,ab,ea,a6,dc,4d,57,77,\
5d,f7,38,7a,5d,62,f9,cf,8e,67,fb,01,ac,86,2f,a8,1a,91,61,67,9e,8f,8f,81,cc,\
fb,c2,4e,43,44,11,06,ea,80,5e,9c,1b,3d,74,16,4c,de,a2,78,7a,f2,bc,e3,af,5b,\
51,ee,23,f5,50,20,55,5d,9a,14,9b,93,73,62,7b,18,d5,a2,da,6d,63,fa,86,79,f2,\
f1,21,fd,be,57,c0,80,ce,c8,25,51,44,62,68,9f,f6,9a,50,4f,b0,44,5c,03,16,dd,\
e9,16,64,58,da,e0,b9,0f,d6,17,80,54,fd,0c,2f,cd,43,c1,a7,92,68,27,85,de,f1,\
90,83,10,2e,9b,72,a9,4c,00,1e,7b,48,81,3e,2a,bc,5e,66,d2,5f,20,58,ee,fe,f6,\
0b,7a,84,b8,93,db,99,2b,87,46,de,99,05,85,cd,78,90,7f,a3,c7,8f,47,64,5b,c7,\
9f,05,73,8e,fb,b6,05,92,36,95,84,81,98,c2,0f,b1,25,a0,62,61,64,29,8f,03,c2,\
0e,01,7a,8f,f6,3a,b9,62,e2,7b,fe,07,52,f3,41,8b,82,bd,b1,d7,42,5f,99,10,89,\
53,d2,74,95,a3,cb,10,d2,19,28,0c,0d,55,89,13,45,ac,f6,22,5a,9a,54,ef,5a,73,\
8c,45,ea,1b,da,ad,03,f5,1a,03,dd,82,53,5a,57,5b,ef,ec,d8,6f,7f,48,6e,61,08,\
99,61,d8,3f,4b,9f,c7,49,92,72,91,3f,e8,d3,2b,30,1d,e1,11,c8,41,20,9e,0e,70,\
54,7f,fd,f9,f7,7d,2b,bb,a3,4c,3e,1b,71,05,93,ba,a9,97,35,f6,96,85,d5,02,a3,\
65,fa,ec,fd,3f,1a,fc,ba,b0,44,1e,ca,3d,93,04,f0,1e,c7,e1,0b,ed,e1,34,e7,04,\
5b,79,17,b1,71,23,d9,67,e8,8d,01,50,d7,be,20,be,fd,83,6e,85,71,49,17,86,73,\
dc,37,91,76,bf,9a,2d,09,2a,31,96,3c,32,46,60,f2,a1,fb,d1,87,13,b1,50,61,d1,\
a8,f1,88,82,11,23,b2,a3,77,45,8d,1c,0e,c2,85,20,cd,30,83,8e,7d,ec,66,2a,97,\
82,36,e7,e9,ae,3e,06,36,88,15,7a,04,96,0e,07,ca,1c,8d,fb,da,73,37,eb,26,80,\
28,ca,93,39,8f,dc,e9,7a,85,08,fc,0c,b9,d4,ae,a3,c8,88,e6,a8,98,8f,8f,a0,98,\
05,0a,79,a6,24,7d,2d,0c,44,03,9d,0c,a8,73,4c,70,c5,65,cb,34,27,ee,b3,19,d0,\
f1,db,21,7c,cf,48,45,0f,e0,5c,25,bb,67,35,78,d3,47,66,a6,6a,e7,67,83,31,21,\
0f,4d,9a,90,3d,62,f2,7a,e4,b9,2e,38,fd,22,e3,b6,44,af,d9,be,0d,ed,e3,35,84,\
b2,1d,44,f2,53,42,c8,6f,8a,dc,ce,6e,96,ad,6f,f8,e9,a1,74,45,30,06,f3,29,8d,\
8d,84,d7,81,27,ba,52,1e,92,5c,f6,e0,f6,7d,68,89,92,22,f1,48,c9,6e,5d,7c,c8,\
96,8c,b7,02,b7,d6,7d,2d,7e,d6,09,da,4b,86,ab,e1,bc,31,34,bc,ab,44,4c,15,e6,\
39,30,31,ad,03,d5,fc,3e,29,42,05,57,6d,f5,3c,76,31,22,30,79,12,a0,7e,b6,da,\
91,e5,1a,9e,6f,bc,2a,e0,4b,bc,96,47,47,cf,a2,e5,b8,10,3d,5d,ed,c1,32,7e,f6,\
b4,60,05,10,fb,0f,bc,a4,e5,d8,e5,aa,b7,70,5f,50,02,d4,79,b1,d9,9d,06,67,fd,\
4f,8e,46,a0,b5,07,07,16,a7,e3,e8,f0,c1,76,b8,48,8d,3c,9b,42,2b,fa,cb,9a,44,\
fb,5e,c9,15,09,08,df,3d,0a,bd,d9,53,f6,c4,64,42,7e,c2,dc,e6,a2,3a,17,81,19,\
f2,69,9c,e6,94,35,13,92,f4,97,e3,54,90,d2,46,35,17,a4,85,54,a6,0f,e9,39,97,\
45,51,2f,c0,39,e0,a1,22,97,c5,a9,2e,f8,33,c9,28,56,91,0f,06,43,45,30,7f,7c,\
81,2c,f5,e8,54,30,64,2d,e4,91,ac,67,1b,cd,54,dc,f4,28,2b,07,3e,95,ec,67,c6,\
27,e1,5f,4c,51,30,69,c6,40,aa,06,69,e7,98,26,bd,08,be,18,5c,1a,cc,e0,95,05,\
d6,8e,ac,2f,6d,9f,c7,ba,ac,74,ec,46,6d,0b,79,e1,ea,7c,ab,6c,7e,2e,01,dc,e9,\
8f,07,f6,78,09,7f,99,f3,9d,f0,46,d9,8f,50,6f,1c,82,97,e1,ba,95,89,7e,5c,9e,\
af,b3,aa,75,e6,c2,6e,98,5d,18,9e,50,1b,85,13,6b,c8,26,2c,a0,7f,2b,1d,9f,c4,\
13,e9,8e,d0,55,9e,2b,5e,80,97,37,92,b8,79,13,d5,94,d8,fa,5a,84,0a,28,44,44,\
03,8d,cd,cb,24,fd,ce,d3,79,e6,8b,53,25,de,f1,6b,15,5b,85,91,fb,ca,92,fe,4b,\
8d,eb,6e,e8,47,89,fe,3c,80,c7,cc,4b,ee,8f,8b,ed,99,95,09,8d,1c,0d,ac,e3,41,\
fc,df,90,d5,9e,9f,c6,9b,71,43,5b,b0,88,ee,c6,97,f8,e8,20,70,65,31,87,1f,68,\
d8,f6,49,62,bf,7a,b6,c0,5c,f3,32,fe,4f,84,e5,a6,71,0c,92,9f,d2,c8,5f,93,37,\
ab,ae,1d,4b,39,33,be,32,06,8e,bb,13,55,53,80,8f,95,c3,6f,5b,c5,e0,45,58,a9,\
68,6a,d2,a9,78,6a,d2,b9
"??"=hex:4e,37,0b,d5,d4,34,ac,6b,ea,a7,71,03,a7,20,38,58

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=Administrator
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=Administrator
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=Administrator
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1020)
e:\program files\Funk Software\Odyssey Client\odLogin.dll
.
------------------------ Autres processus actifs ------------------------
.
e:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
e:\windows\system32\nvsvc32.exe
e:\program files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-31 12:15:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-31 11:15:33

Avant-CF: 12 887 547 904 octets libres
Après-CF: 13,730,983,936 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

452 --- E O F --- 2008-10-24 19:33:20

Apparently some people around me have caught the same bug. If I follow the same procedures as the ones you have described to me so far, will it work? Or is it better to go through the forum to be sure I don't do anything silly? :)
Thanks again!
Utilisateur anonyme
 
Re,

While I look at your report, tell them to come to Comment ça marche.

EVERY PC IS DIFFERENT, AND THE SAME GOES FOR INFECTIONS

A++
Utilisateur anonyme
 
Re,

Restart your PC normally and make me a new report with RSIT.
MYRPA
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2008-12-31 12:42:41
Microsoft Windows XP Professionnel Service Pack 2
System drive E: has 13 GB (42%) free of 31 GB
Total RAM: 511 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:44, on 31/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Downloads\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: eovrpb.dll
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
Utilisateur anonyme
 
Re,

▶ Install NAVILOG1

Note regarding the detection of Navilog1 by certain security programs:

▶ Some files of Navilog1.exe may be considered dangerous and therefore deleted or neutralised by certain security programs. These are false positives, and in some cases you will have to disable your protection for the duration of the download/use of Navilog1.
/ !\ Disconnect from the internet and disable your resident antivirus and antispyware so that Navilog1 can run normally. / !\

The Navilog1 installation is launched by running Navilog1.exe

(If you downloaded navilog1.zip, please unzip that file first)

Once the installation is complete, to launch the fix:

- using the shortcut created on the desktop: Navilog1

- via My Computer, by running the file Navilog1.bat located in %program files%Navilog1

After the language choice and the warning messages, the menu is displayed.

Select choice 1

This checks the system for the adware. A scan with GMER's catchme is also performed on Windows XP. This analysis can take about ten minutes. Wait for the message «Analyse terminée le ....». Press a key as requested and Notepad will open; save the report to your disk. Then open it and copy-paste the whole report to the forum that asked you for it.

(if Notepad does not open: go to My Computer; at the root of drive C you will find the report under the name fixnavi.txt)

Warning: do not launch the disinfection part (choice 2, 3 or 4) without the express advice/agreement of the Helper who took charge of you on the help forum where you posted your problem.

If a report does not go through, send an alert to the conciergerie with the yellow /!\.
MYRPA
 
Here is the result :)

Search Navipromo version 3.7.0 commencé le 31/12/2008 à 13:04:46,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis E:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Administrateur ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:78 Go (Free:33 Go)
D:\ (Local Disk) - NTFS - Total:78 Go (Free:29 Go)
E:\ (Local Disk) - NTFS - Total:30 Go (Free:12 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
L:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "E:\WINDOWS" ***


*** Recherche dossiers dans "E:\Program Files" ***


*** Recherche dossiers dans "E:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "E:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "e:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "E:\Documents and Settings\Administrateur\applic~1" ***


*** Recherche dossiers dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "E:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "E:\WINDOWS\system32" *

* Recherche dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "E:\WINDOWS\system32" :


* Dans "E:\Documents and Settings\Administrateur\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 31/12/2008 à 13:05:43,18 ***
Anonymous user
 
Re,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text in bold below:

:files
:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
MYRPA
 
Re,

small problem, it does not seem to recognise the command:

========== FILES ==========
Error: Unable to interpret <:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe > in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_142153


(I also tried prefixing the command with the letter of my Windows partition, but then it says it cannot find the directory).

Did I miss something?
Anonymous user
 
Re,

Yes, maybe that's it.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text in bold below:

:processes
explorer.exe

:files
:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
MYRPA
 
Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Error: Unable to interpret <:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe> in the current context!
========== COMMANDS ==========
File delete failed. E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_32vEg3XoYaZyGX37Ock7 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_142831

Files moved on Reboot...
File E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_32vEg3XoYaZyGX37Ock7 not found!
File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\XUL.mfl moved successfully.
Anonymous user
 
Re,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text in bold below:

:processes
explorer.exe

:files
E:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
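The two "Unable to interpret" errors earlier in this thread came from a :files entry written without its drive letter, which this third script fixes with the E: prefix. As an added example that is not part of the thread and not OldTimer's code, here is a small checker that parses a script in the section format used above (:processes, :files, :commands) and reports such mistakes before anything is moved; the section and command names are taken from the scripts in the thread, and the two sample scripts are constructed from them.

```python
import re

# Added example: a linter for OTMoveIt3-style instruction blocks. It understands
# the sections used in the thread and flags a :files path with no drive letter,
# which is what produced "Unable to interpret <:\program files\...>" above.
SECTION_RE = re.compile(r"^:(processes|files|commands)$", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
KNOWN_COMMANDS = {"[purity]", "[emptytemp]", "[start explorer]", "[reboot]"}

def parse_script(text):
    """Split a script into its sections; lines before any header are an error."""
    sections = {"processes": [], "files": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections

def lint_script(text):
    """Return a list of human-readable problems; an empty list means clean."""
    sections = parse_script(text)
    problems = []
    for path in sections["files"]:
        if not DRIVE_PATH_RE.match(path):
            problems.append(f"files: no drive letter in {path!r}")
    for cmd in sections["commands"]:
        if cmd.lower() not in KNOWN_COMMANDS:
            problems.append(f"commands: unknown directive {cmd!r}")
    killed = {p.lower() for p in sections["processes"]}
    cmds = {c.lower() for c in sections["commands"]}
    if "explorer.exe" in killed and "[start explorer]" not in cmds:
        problems.append("processes: explorer.exe is killed but never restarted")
    return problems

# Constructed inputs: the path as first posted (no drive letter) and as corrected.
BROKEN = """:processes
explorer.exe
:files
:\\program files\\web hottest videos personal player\\atlantis west_web_hottest_videos_personalplayer.exe
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
"""
FIXED = BROKEN.replace("\n:\\program files", "\nE:\\program files")
```

Running `lint_script(BROKEN)` reports the missing drive letter, while `lint_script(FIXED)` returns an empty list; the checker only validates the script text and does not touch any file.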
MYRPA
 
Here it is :)

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder E:\program files\web hottest videos personal player\atlantis west_web_hottest_videos_personalplayer.exe not found.
========== COMMANDS ==========
File delete failed. E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pdj7ITAVnOadTtN0Kshn scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_144126

Files moved on Reboot...
File E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_pdj7ITAVnOadTtN0Kshn not found!
File move failed. E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_001_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_002_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_003_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\Cache\_CACHE_MAP_ moved successfully.
E:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\69bkcgby.default\urlclassifier3.sqlite moved successfully.
Anonymous user
 
Re,

Restart your PC and make a new log with RSIT.
MYRPA
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2008-12-31 16:57:35
Microsoft Windows XP Professionnel Service Pack 2
System drive E: has 13 GB (42%) free of 31 GB
Total RAM: 511 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:38, on 31/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\OdHost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Wireless\IEEE802.11g WLAN USB Adapter\WLUSBCfg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Downloads\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IEEE 802.11g USB Adapter Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Applications\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Applications\Poker\mrbookmakerfrMPP\MPPoker.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: eovrpb.dll
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - E:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe