Erreur de chargement rundll

oufff voila mon rapport je pense pas etre au bout de mes peine ... bien de la misere a me connecter sur internet ...

j'ai aussi plein de fenetre qui s'ouvre


############################## [ UsbFix V3.024 # Scan ]


############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
c:\program Files\ThunMail\testabd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="https://www.google.ca/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Owner"
HKLM_logon: "AltDefaultUserName"="Owner"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: SunKistEM="C:\Program Files\Digital Media Reader\shwiconem.exe"
HKLM_Run: RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
HKLM_Run: Recguard=%WINDIR%\SMINST\RECGUARD.EXE
HKLM_Run: CHotkey=zHotkey.exe
HKLM_Run: OpwareSE2="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: REGSHAVE="C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
HKLM_Run: NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz="nwiz.exe" /install
HKLM_Run: NvMediaCenter="RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: VTTimer=VTTimer.exe
HKLM_Run: S3Trayp=S3trayp.exe
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: SkyTel=SkyTel.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: snpstd=C:\WINDOWS\vsnpstd.exe
HKLM_Run: IntelliPoint="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM_Run: itype="C:\Program Files\Microsoft IntelliType Pro\itype.exe"
HKLM_Run: CTCheck="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: autochk=rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
HKLM_Run: Malware Doctor=C:\Documents and Settings\LocalService\Application Data\916653139.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
HKCU_Run: WMPNSCFG="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
HKCU_Run: CTSyncU.exe="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
HKCU_Run: autochk=rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
HKCU_Run: Malware Doctor=C:\Documents and Settings\LocalService\Application Data\916653139.exe

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\Temp\msb.dll
Found ! C:\WINDOWS\Temp\nsrbgxod.bak
Found ! C:\WINDOWS\system32\autochk.dll
Found ! C:\WINDOWS\system32\lmn_setup.exe
Found ! C:\WINDOWS\system32\tmp.reg
Found ! C:\WINDOWS\system32\win32hlp.cnf
Found ! "C:\WINDOWS\system32\config\SystemProfile\protect.dll"
Found ! "C:\Documents and Settings\Owner\protect.dll"
Found ! "C:\Documents and Settings\LocalService\protect.dll"
Found ! C:\DOCUME~1\Owner\LOCALS~1\Temp\nsrbgxod.bak
Found ! D:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "autochk"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "autochk"
Found ! HKU\S-1-5-21-2373350148-3644784697-2068114026-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "autochk"
Found ! HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ "autochk"
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{d65eb5d5-c163-11dc-a202-0018f30cba10}\Shell\AutoRun\Command

################## [ Informations ]


################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.024 ! ]

allo chiquatine,


... tu pense que tout est ok pour moi ...

si oui merci ... a la prochaine ... j'espere pas pour un autre probleme oufff ...

voila le rapport ! j'ai encore malware doctor qui ouvre a droite :(

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2143
Windows 5.1.2600 Service Pack 3

2009-05-21 21:59:32
mbam-log-2009-05-21 (21-59-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 203913
Temps écoulé: 2 hour(s), 22 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{56bb6d01-7bd5-4458-a4ae-f03df643d6ee} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor (Rogue.MalwareDoc) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Delete on reboot.
C:\Program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Owner\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\916653139.exe (Rogue.MalwareDoc) -> Delete on reboot.
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

voici mon rapport !!

Merci de m'aider ...

ComboFix 09-05-21.01 - Owner 2009-05-22 6:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.447.189 [GMT -4:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\LocalService\Application Data\971313497.exe
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\protect.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ansie.exe
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfstheiisjbawdmteyfulvbgxjixfqjssrsip.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\glsetup.exe
c:\windows\system32\hahonuhe.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthgvrqjxtqdjjlcyeghcovylhlncciqhor.dll
c:\windows\system32\ovfsthmfrewpstgdinxhoobtxobogwrrpohwme.dll
c:\windows\system32\ovfsthngjquvfoenunxmlvntognnfddaomtkmu.dat
c:\windows\system32\ovfsthqwtlnjkwnvdmtbaoowcuvinkccxjjega.dat
c:\windows\system32\ovfsthtulqmgjrpsblqppvusdhhhaolwgrfbpb.dll
c:\windows\system32\Process.exe
c:\windows\system32\service-466.exe
c:\windows\system32\sft.res
c:\windows\system32\SrchSTS.exe
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
C:\xcrashdump.dat
D:\Desktop.ini

[color=blue]Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
opie restaurée à partir de - c:\windows\$NtServicePackUninstall$\userinit.exe/COLOR

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthkltardbabwwxsirlxymyrjbpjrlquqiv
-------\Legacy_ASHEVTSVC
-------\Legacy_MSISERVERMCTSKSHD.EXE
-------\Service_AshEvtSvc
-------\Service_MSIServerMcTskshd.exe


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-22 au 2009-05-22 ))))))))))))))))))))))))))))))))))))
.

2009-05-22 10:50 . 2009-05-22 10:50 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
2009-05-22 02:06 . 2009-05-22 02:06 29184 ----a-w c:\windows\system32\lklf32.dll
2009-05-22 02:05 . 2009-05-22 10:54 0 ----a-w c:\windows\system32\advapi32h.sys
2009-05-21 20:15 . 2009-05-21 21:35 -------- d-----w C:\UsbFix
2009-05-21 19:39 . 2009-05-21 19:39 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-21 19:37 . 2009-05-21 19:37 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-21 19:37 . 2009-05-21 19:37 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-21 19:14 . 2009-05-22 10:43 9060193 --sha-w c:\windows\system32\1041n.sys
2009-05-21 00:14 . 2009-05-21 00:14 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-19 19:59 . 2009-05-19 19:59 23552 --sha-w c:\windows\system32\Agent.OMZ.Fixy.dll
2009-05-19 19:59 . 2009-05-19 19:59 16384 --sha-w c:\windows\system32\advapi32hk.dll
2009-05-19 19:59 . 2009-05-19 19:59 21504 --sha-w c:\windows\system32\activedsx.dll
2009-05-19 19:56 . 2009-05-22 02:12 813 --s-a-w c:\windows\system32\3930434656.dat
2009-05-17 01:13 . 2009-05-17 01:13 1078 ----a-r c:\documents and settings\Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 23:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 23:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 23:52 . 2009-05-16 23:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-05-16 22:58 . 2009-05-16 22:58 -------- d-----w c:\program files\Trend Micro
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 18:42 . 2006-12-24 20:23 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-17 01:50 . 2006-11-14 18:16 -------- d-----w c:\program files\Google
2009-05-16 22:19 . 2007-06-22 21:01 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-11 20:53 . 2009-04-13 16:05 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 18:50 . 2006-08-29 23:06 602112 ----a-w c:\documents and settings\Owner\Application Data\LANCITE\EPhoto\EPhotoWin.dll
2009-04-21 05:43 . 2006-06-26 17:35 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-17 23:30 . 2004-08-11 18:21 445346 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 23:30 . 2004-08-11 18:21 63818 ----a-w c:\windows\system32\perfc00C.dat
2009-03-19 15:17 . 2009-03-19 15:17 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:20 . 2004-08-11 18:21 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-11 18:21 826368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-22 02:06 29184 ----a-w c:\windows\system32\lklf32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-04-05 159744]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-11 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"McShield"=2 (0x2)
"MpfService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=

R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2007-06-23 792576]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\oxnlv.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1942333456.exe
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 07:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(608)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\lklf32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\NavNT\defwatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Heure de fin: 2009-05-22 7:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-22 11:06

Avant-CF: 57 996 013 568 octets libres
Après-CF: 57 957 736 448 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

252 --- E O F --- 2009-05-13 20:03

voila le rapport ...

ComboFix 09-05-21.03 - Owner 2009-05-22 7:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.447.134 [GMT -4:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Owner\Bureau\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.dll
c:\windows\5888428E699C4E71BF7194EE06B497DA.TMP
c:\windows\7ujkn.exe
c:\windows\system32\advapi32h.sys
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\blackster.scr
c:\windows\system32\ctfmona.exe_old
c:\windows\system32\ho.ln
c:\windows\system32\jhxm32.dll
c:\windows\system32\kcopt.dll
c:\windows\system32\ko.o
c:\windows\system32\lklf32.dll
c:\windows\system32\ntpl.bin
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat
c:\windows\wininit.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\advapi32h.sys
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\jhxm32.dll
c:\windows\system32\lklf32.dll
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat
c:\windows\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-22 au 2009-05-22 ))))))))))))))))))))))))))))))))))))
.

2009-05-21 20:15 . 2009-05-21 21:35 -------- d-----w C:\UsbFix
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-21 19:14 . 2009-05-22 10:43 9060193 --sha-w c:\windows\system32\1041n.sys
2009-05-21 00:14 . 2009-05-21 00:14 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-19 19:59 . 2009-05-19 19:59 23552 --sha-w c:\windows\system32\Agent.OMZ.Fixy.dll
2009-05-19 19:59 . 2009-05-19 19:59 16384 --sha-w c:\windows\system32\advapi32hk.dll
2009-05-19 19:59 . 2009-05-19 19:59 21504 --sha-w c:\windows\system32\activedsx.dll
2009-05-19 19:56 . 2009-05-22 02:12 813 --s-a-w c:\windows\system32\3930434656.dat
2009-05-17 01:13 . 2009-05-17 01:13 1078 ----a-r c:\documents and settings\Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 23:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 23:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 23:52 . 2009-05-16 23:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-05-16 22:58 . 2009-05-16 22:58 -------- d-----w c:\program files\Trend Micro
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 18:42 . 2006-12-24 20:23 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-17 01:50 . 2006-11-14 18:16 -------- d-----w c:\program files\Google
2009-05-16 22:19 . 2007-06-22 21:01 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-11 20:53 . 2009-04-13 16:05 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 18:50 . 2006-08-29 23:06 602112 ----a-w c:\documents and settings\Owner\Application Data\LANCITE\EPhoto\EPhotoWin.dll
2009-04-21 05:43 . 2006-06-26 17:35 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-17 23:30 . 2004-08-11 18:21 445346 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 23:30 . 2004-08-11 18:21 63818 ----a-w c:\windows\system32\perfc00C.dat
2009-03-19 15:17 . 2009-03-19 15:17 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:20 . 2004-08-11 18:21 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-11 18:21 826368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-22_11.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 11:51 . 2009-05-22 11:51 16384 c:\windows\Temp\Perflib_Perfdata_30c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-04-05 159744]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-11 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"McShield"=2 (0x2)
"MpfService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=

R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2007-06-23 792576]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 07:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2864)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\NavNT\defwatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-05-22 7:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-22 11:57
ComboFix2.txt 2009-05-22 11:07

Avant-CF: 57 935 556 608 octets libres
Après-CF: 57 920 483 328 octets libres

222 --- E O F --- 2009-05-13 20:03

merci il va beaucoup mieux ...

j'ai fait http://www.cijoint.fr/cjlink.php?file=cj200905/cij5tqezEo.zip

je part je scan mais je doit aller au boulot ... alors a ce soir ... merci encore

j'ai eu le temps de finir ...

voici le rapport .... merci merci merci ...

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2166
Windows 5.1.2600 Service Pack 3

2009-05-22 08:24:59
mbam-log-2009-05-22 (08-24-59).txt

Type de recherche: Examen rapide
Eléments examinés: 83424
Temps écoulé: 5 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

rapport demander par lyonnaise


ComboFix 09-05-21.03 - Owner 2009-05-22 16:59.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.447.133 [GMT -4:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\aide virus\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Owner\Bureau\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-22 au 2009-05-22 ))))))))))))))))))))))))))))))))))))
.

2009-05-22 12:12 . 2009-05-22 12:12 1773644 ----a-w C:\Qoobox.zip
2009-05-21 20:15 . 2009-05-21 21:35 -------- d-----w C:\UsbFix
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-21 19:14 . 2009-05-22 10:43 9060193 --sha-w c:\windows\system32\1041n.sys
2009-05-21 00:14 . 2009-05-21 00:14 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-19 19:59 . 2009-05-19 19:59 23552 --sha-w c:\windows\system32\Agent.OMZ.Fixy.dll
2009-05-19 19:59 . 2009-05-19 19:59 16384 --sha-w c:\windows\system32\advapi32hk.dll
2009-05-19 19:59 . 2009-05-19 19:59 21504 --sha-w c:\windows\system32\activedsx.dll
2009-05-19 19:56 . 2009-05-22 02:12 813 --s-a-w c:\windows\system32\3930434656.dat
2009-05-17 01:13 . 2009-05-17 01:13 1078 ----a-r c:\documents and settings\Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 23:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 23:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 23:52 . 2009-05-16 23:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-05-16 22:58 . 2009-05-16 22:58 -------- d-----w c:\program files\Trend Micro
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 18:42 . 2006-12-24 20:23 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-17 01:50 . 2006-11-14 18:16 -------- d-----w c:\program files\Google
2009-05-16 22:19 . 2007-06-22 21:01 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-11 20:53 . 2009-04-13 16:05 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 18:50 . 2006-08-29 23:06 602112 ----a-w c:\documents and settings\Owner\Application Data\LANCITE\EPhoto\EPhotoWin.dll
2009-04-21 05:43 . 2006-06-26 17:35 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-17 23:30 . 2004-08-11 18:21 445346 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 23:30 . 2004-08-11 18:21 63818 ----a-w c:\windows\system32\perfc00C.dat
2009-03-19 15:17 . 2009-03-19 15:17 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:20 . 2004-08-11 18:21 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-11 18:21 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-22_11.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 21:02 . 2009-05-22 21:02 16384 c:\windows\temp\Perflib_Perfdata_318.dat
+ 2004-08-11 18:21 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-04-05 159744]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-11 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"McShield"=2 (0x2)
"MpfService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=

R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2007-06-23 792576]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 17:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2264)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\NavNT\defwatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-05-22 17:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-22 21:09
ComboFix2.txt 2009-05-22 11:58
ComboFix3.txt 2009-05-22 11:07

Avant-CF: 57 876 135 936 octets libres
Après-CF: 57 907 245 056 octets libres

180 --- E O F --- 2009-05-13 20:03

voila le rapport ...

ComboFix 09-05-21.03 - Owner 2009-05-22 16:59.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.447.133 [GMT -4:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\aide virus\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Owner\Bureau\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-22 au 2009-05-22 ))))))))))))))))))))))))))))))))))))
.

2009-05-22 12:12 . 2009-05-22 12:12 1773644 ----a-w C:\Qoobox.zip
2009-05-21 20:15 . 2009-05-21 21:35 -------- d-----w C:\UsbFix
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-21 19:14 . 2001-08-23 21:04 12288 ----a-w c:\windows\system32\dllcache\mouhid.sys
2009-05-21 19:14 . 2009-05-22 10:43 9060193 --sha-w c:\windows\system32\1041n.sys
2009-05-21 00:14 . 2009-05-21 00:14 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-19 19:59 . 2009-05-19 19:59 23552 --sha-w c:\windows\system32\Agent.OMZ.Fixy.dll
2009-05-19 19:59 . 2009-05-19 19:59 16384 --sha-w c:\windows\system32\advapi32hk.dll
2009-05-19 19:59 . 2009-05-19 19:59 21504 --sha-w c:\windows\system32\activedsx.dll
2009-05-19 19:56 . 2009-05-22 02:12 813 --s-a-w c:\windows\system32\3930434656.dat
2009-05-17 01:13 . 2009-05-17 01:13 1078 ----a-r c:\documents and settings\Owner\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 23:58 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 23:58 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 23:58 . 2009-05-16 23:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 23:52 . 2009-05-16 23:52 -------- d-----w c:\documents and settings\NetworkService\Application Data\Webroot
2009-05-16 22:58 . 2009-05-16 22:58 -------- d-----w c:\program files\Trend Micro
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-16 22:15 . 2009-05-16 22:15 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-16 22:14 . 2009-05-16 22:15 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-16 22:00 . 2009-05-16 22:00 -------- d-----w c:\documents and settings\All Users\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 18:42 . 2006-12-24 20:23 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-05-17 01:50 . 2006-11-14 18:16 -------- d-----w c:\program files\Google
2009-05-16 22:19 . 2007-06-22 21:01 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-11 20:53 . 2009-04-13 16:05 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-27 18:50 . 2006-08-29 23:06 602112 ----a-w c:\documents and settings\Owner\Application Data\LANCITE\EPhoto\EPhotoWin.dll
2009-04-21 05:43 . 2006-06-26 17:35 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-17 23:30 . 2004-08-11 18:21 445346 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 23:30 . 2004-08-11 18:21 63818 ----a-w c:\windows\system32\perfc00C.dat
2009-03-19 15:17 . 2009-03-19 15:17 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-06 14:20 . 2004-08-11 18:21 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-11 18:21 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-22_11.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 21:02 . 2009-05-22 21:02 16384 c:\windows\temp\Perflib_Perfdata_318.dat
+ 2004-08-11 18:21 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-28 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2005-05-03 543232]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2005-04-05 159744]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-11 16264192]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-15 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
ChkDisk.dll [2009-5-17 23552]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33792]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"MskService"=2 (0x2)
"McShield"=2 (0x2)
"MpfService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=

R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [2007-06-23 792576]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 17:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2264)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\NavNT\defwatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-05-22 17:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-22 21:09
ComboFix2.txt 2009-05-22 11:58
ComboFix3.txt 2009-05-22 11:07

Avant-CF: 57 876 135 936 octets libres
Après-CF: 57 907 245 056 octets libres

180 --- E O F --- 2009-05-13 20:03

non ... dit moi a qu'elle heure ... je suis du Québec ici il est 19h42 ..

parfait ... je vais être la ... merci

mais a 19h chez toi, ici il va être 13h :)

moi je suis ici ...

voila !

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\UsbFix: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Owner\Bureau\aide virus\ComboFix.exe: trouvé !
C:\Documents and Settings\Owner\Bureau\aide virus\hijackthis.log: trouvé !
C:\Documents and Settings\Owner\Bureau\aide virus\UsbFix.exe: trouvé !
C:\Documents and Settings\Owner\Bureau\aide virus\UsbFix.txt: trouvé !
C:\Documents and Settings\Owner\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Owner\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\Owner\Recent\UsbFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Owner\Bureau\aide virus\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Owner\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Owner\Bureau\aide virus\hijackthis.log: supprimé !
C:\Documents and Settings\Owner\Bureau\aide virus\UsbFix.exe: supprimé !
C:\Documents and Settings\Owner\Bureau\aide virus\UsbFix.txt: supprimé !
C:\Documents and Settings\Owner\Recent\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\UsbFix: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Owner\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !


__________________________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-05-23 13:05:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 55 GB (37%) free of 148 GB
Total RAM: 447 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:50, on 2009-05-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Bureau\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CTCheck] "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gindychat.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://gindychat.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

et je suis guéri ;)

oh pour l'antivirus ... mcafee je crois ... ya plus qu'un

2009-05-23 ---- 13:33:08,33

----------------------------------
§§§§§§ [ChkDisk] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.dll
c:\Documents and Settings\Owner\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.lnk
c:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.dll
c:\WINDOWS\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.lnk


*********************
[Même date]
*********************

[2009-05-19 ] ---> C:\WINDOWS\system32\3930434656.dat
[2009-05-19 ] ---> C:\WINDOWS\system32\activedsx.dll
[2009-05-19 ] ---> C:\WINDOWS\system32\advapi32hk.dll
[2009-05-19 ] ---> C:\WINDOWS\system32\Agent.OMZ.Fixy.dll



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

je copie quoi au juste !!!

genre !

Fichier 3930434656.dat reçu le 2009.05.23 18:09:56 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/40 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 42 et 60 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.23 -
AVG 8.5.0.339 2009.05.23 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.23 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5624 2009.05.23 -
McAfee+Artemis 5624 2009.05.23 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.23 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.23 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.52.00 2009.05.23 -
Sophos 4.42.0 2009.05.23 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.23 -
VBA32 3.12.10.5 2009.05.23 -
ViRobot 2009.5.23.1749 2009.05.23 -
VirusBuster 4.6.5.0 2009.05.23 -
Information additionnelle
File size: 813 bytes
MD5...: 9c683f577561d8b8fdd0bdf6efef5773
SHA1..: 41ca1690361f19cb794f9baa0c7da220279d6be3
SHA256: 1fffc398036bf095e2f9c136af802ab4ada9d2499588b18bc42a236b18fc5c6c
SHA512: e4c7bcb66fd827e7cfc9356a6a373c2fcfc3445afed08a0353db92fa51c871e8
4a49ddb8fe2bea21a4030b82accb818fff5b52818596919f96b2e1ff35771d33
ssdeep: 24:j4gwCuc3nLtYsJFVyrVJVfsa0FV52FVF8CEaXZVHOjr:jKotlIrj7gLKv3XZ4
/

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

je fais quoi maintenant !!!!