Win32:vundo@dll[trj] please help me
Resolved
ierier60
-
DeNisCoOl Posts 2871 Status Member -
Hello everyone, I currently have a small problem with the virus win32:vundo@dll[trj], so I ran a scan with GenProc, which gave me this report:
GenProc 1.968 report [1] run on 04/06/2008 at 0:21:49,19 - Windows XP
In CCleaner, click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". After that, leave it with its default settings. That's all.
# Step 1/ Download:
- VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop
- combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip and unzip it on the Desktop.
***** Copy the rest of the procedure into a text file and restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choose your usual session "Laëtitia") *****
# Step 2/
* Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button. When the scan is complete, click the "Fix Vundo" button; a prompt will ask whether you want to delete the files, click YES: the Desktop will disappear for a moment while the files are deleted. You will see a prompt telling you that your PC is going to restart: click OK
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
* Double-click combofix.exe. Press the Y (Yes) key to start the scan; when the scan is complete, a report will appear.
# Step 3/
Run the MSNFix.bat file located in the MSNfix folder on the Desktop.
- Run option R.
- If the infection is detected, run option N.
- Save this report to your Desktop.
# Step 4/
Launch CCleaner: "Cleaner"/"Run Cleaner" and that's all.
# Step 5/
Restart normally and post, in the same reply:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- The contents of the report located in D:\vundofix.txt ;
- The contents of the report located in D:\Combofix.txt ;
- The contents of the MSNfix report located on the Desktop ;
Describe any difficulties you had (what you were unable to do...) and how the situation has evolved.
So I ran VundoFix, which found nothing,
then ComboFix, whose report is here:
ComboFix 08-06-01.6 - Laëtitia 2008-06-04 1:15:17.3 - NTFSx86 MINIMAL
Endroit: D:\Documents and Settings\Laëtitia\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\awtrPhIb.dll
D:\WINDOWS\system32\bIhPrtwa.ini
D:\WINDOWS\system32\bIhPrtwa.ini2
.
---- Previous Run -------
.
D:\WINDOWS\system32\lUxGNqru.ini
D:\WINDOWS\system32\lUxGNqru.ini2
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\pmnkJccy.dll
D:\WINDOWS\system32\urqNGxUl.dll
D:\WINDOWS\system32\yccJknmp.ini
D:\WINDOWS\system32\yccJknmp.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-05-31 11:02 . 2008-05-31 11:03 <REP> d-------- D:\Program Files\OpenOffice.org 2.4
2008-05-30 20:06 . 2008-05-30 20:06 244 --ah----- D:\sqmnoopt08.sqm
2008-05-30 20:06 . 2008-05-30 20:06 232 --ah----- D:\sqmdata08.sqm
2008-05-30 20:05 . 2008-05-30 20:05 244 --ah----- D:\sqmnoopt07.sqm
2008-05-30 20:05 . 2008-05-30 20:05 232 --ah----- D:\sqmdata07.sqm
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-05 20:46 27,048 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 21:39 . 2008-05-05 20:46 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\xircom
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\oobe
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\Program Files\microsoft frontpage
2008-05-26 20:01 . 2008-05-26 20:01 <REP> d-------- D:\VundoFix Backups
2008-05-26 19:54 . 2008-05-26 19:54 <REP> d-------- D:\Documents and Settings\olivier\report
2008-05-26 19:43 . 2008-05-26 19:43 <REP> d-------- D:\Documents and Settings\Documents and Settings
2008-05-26 19:28 . 2008-05-26 19:28 62,714,140 --a------ D:\Sauv.reg
2008-05-26 18:59 . 2008-05-26 18:59 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-26 16:54 . 2008-05-26 16:54 <REP> d-------- D:\Documents and Settings\olivier\olivier
2008-05-24 14:51 . 2008-05-24 14:51 <REP> d-------- D:\Laëtitia
2008-05-23 21:35 . 2008-05-24 12:51 <REP> d-------- D:\WINDOWS\report
2008-05-23 21:35 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\LPT$VPN.295
2008-05-23 20:48 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Backup
2008-05-23 20:48 . 2008-05-23 20:48 1,954,681 --a------ D:\WINDOWS\tsc.ptn
2008-05-23 20:48 . 2008-05-23 20:48 1,213,784 --a------ D:\WINDOWS\vsapi32.dll
2008-05-23 20:48 . 2008-05-23 20:48 333,576 --a------ D:\WINDOWS\TSC.exe
2008-05-23 20:48 . 2008-05-23 20:48 91,744 --a------ D:\WINDOWS\BPMNT.dll
2008-05-23 20:48 . 2008-05-23 20:48 71,749 --a------ D:\WINDOWS\hcextoutput.dll
2008-05-23 20:48 . 2008-05-24 13:56 823 --a------ D:\WINDOWS\tsc.ini
2008-05-23 20:47 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\VPTNFILE.295
2008-05-23 20:46 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Temp
2008-05-23 20:46 . 2008-05-23 20:46 <REP> d-------- D:\WINDOWS\AU_Log
2008-05-23 20:46 . 2008-05-23 20:46 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-05-23 20:46 . 2008-05-23 20:46 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-05-23 20:46 . 2008-05-23 20:46 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-05-23 20:46 . 2008-05-23 20:46 170 --a------ D:\WINDOWS\GetServer.ini
2008-05-23 19:54 . 2008-05-23 19:54 <REP> d-------- D:\Documents and Settings\olivier\Application Data\report
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\Documents and Settings\olivier\SmartShopper
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\cs
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\olivier
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\Documents and Settings\olivier\Application Data\olivier
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Documents and Settings
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\cs
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Application Data
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\SmartShopper
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Application Data
2008-05-22 11:12 . 2008-05-22 11:13 <REP> d-------- D:\Program Files\Spybot - Search & Destroy
2008-05-22 11:12 . 2008-05-22 12:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 11:02 . 2008-05-22 11:02 <REP> d-------- D:\Documents and Settings\SmartShopper
2008-05-22 11:01 . 2008-05-22 11:01 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Documents and Settings
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Documents and Settings\olivier\cs
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Application Data
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\cs
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\report
2008-05-22 00:19 . 2008-05-22 00:19 29,312 --------- D:\WINDOWS\system32\fccdeCSK.dll
2008-05-22 00:18 . 2008-05-21 17:43 94,208 --a------ D:\WINDOWS\elsq.exe
2008-05-18 23:58 . 2008-05-18 23:58 <REP> d-------- D:\Program Files\Wondershare
2008-05-18 23:58 . 2007-12-13 18:28 5,504 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-18 23:50 . 2008-05-18 23:50 <REP> d-------- D:\Program Files\Acoolsoft
2008-05-18 12:48 . 2008-05-18 12:48 <REP> d-------- D:\Program Files\Nuclear Coffee
2008-05-15 17:16 . 2008-05-15 17:16 <REP> d-------- D:\Program Files\SmartShopper
2008-05-15 17:16 . 2008-05-23 09:24 <REP> d-------- D:\Documents and Settings\olivier\Application Data\SmartShopper
2008-05-10 18:35 . 2008-05-10 18:35 <REP> d--h----- D:\WINDOWS\PIF
2008-05-07 23:42 . 2008-05-07 23:42 <REP> d-------- D:\Program Files\Inventel
2008-05-07 23:42 . 2008-05-07 23:42 278,528 --a------ D:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 22:37 --------- d-----w D:\Program Files\LogMeIn
2008-05-31 16:28 --------- d-----w D:\Program Files\eMule
2008-05-31 09:01 --------- d-----w D:\Program Files\Java
2008-05-25 18:13 --------- d-----w D:\Program Files\K-Lite Codec Pack
2008-05-25 18:04 --------- d-----w D:\Program Files\CCleaner
2008-04-29 14:04 --------- d-----w D:\Program Files\Cuisine Astuce
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\olivier\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-21 07:09 --------- d-----w D:\Program Files\Fichiers communs\Autodesk Shared
2008-04-21 07:09 --------- d-----w D:\Program Files\AutoCAD 2008
2008-04-21 07:03 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-04-21 07:02 --------- d-----w D:\Program Files\Autodesk
2008-04-20 18:07 --------- d-----w D:\Program Files\ReaConverter 5.0 Pro
2008-04-11 19:58 --------- d-----w D:\Documents and Settings\olivier\Application Data\RCP 5
2008-04-07 10:03 3,026 ----a-w D:\WINDOWS\system32\drivers\hwinterface.sys
2008-04-07 09:59 8,480 ----a-w D:\WINDOWS\system32\drivers\ddnt.sys
2008-04-06 12:18 --------- d-----w D:\Documents and Settings\olivier\Application Data\ACD Systems
2008-04-06 12:11 --------- d-----w D:\Documents and Settings\olivier\Application Data\Corel
2007-08-09 12:08 8,784 ----a-w D:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w D:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 D:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 D:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_21.12.53.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-31 09:03:47 12,288 ----a-w D:\WINDOWS\assembly\GAC\cli_basetypes\1.0.9.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2008-05-31 09:03:47 32,256 ----a-w D:\WINDOWS\assembly\GAC\cli_cppuhelper\1.0.12.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-05-31 09:03:48 847,872 ----a-w D:\WINDOWS\assembly\GAC\cli_types\1.1.12.0__ce2cb7e279207b9e\cli_types.dll
+ 2008-05-31 09:03:48 8,192 ----a-w D:\WINDOWS\assembly\GAC\cli_ure\1.0.12.0__ce2cb7e279207b9e\cli_ure.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_basetypes\9.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_cppuhelper\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_ure\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2008-05-31 09:03:58 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.1.cli_types\12.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll
- 2008-05-26 18:51:56 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-03 23:28:02 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-05-31 09:06:58 2,363,392 ----a-r D:\WINDOWS\Installer\{1E0FF527-971B-4BBF-83D1-987E8DEE437D}\soffice.exe
- 2008-04-22 09:56:01 892,664 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-02 12:14:38 910,176 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]
2008-05-22 00:19 29312 --------- D:\WINDOWS\system32\fccdeCSK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}]
2008-02-05 19:20 1173024 --a------ D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 22:59 1235456]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Corel Photo Downloader"="D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 18:59 106496]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"EPSON Stylus CX3600 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="D:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="D:\WINDOWS\system32\sti_ci.dll" [2007-12-18 04:04 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2007-12-18 04:04 403968 D:\WINDOWS\system32\cmd.exe]
"tscuninstall"="D:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2007-12-18 04:04 403968 D:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 D:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= D:\WINDOWS\system32\fccdeCSK.dll [2008-05-22 00:19 29312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdeCSK]
fccdeCSK.dll 2008-05-22 00:19 29312 D:\WINDOWS\system32\fccdeCSK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 D:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56927:TCP"= 56927:TCP:Pando P2P TCP Listening Port
"56927:UDP"= 56927:UDP:Pando P2P UDP Listening Port
R0 Si3112;Si3112;D:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 15:00]
R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
S1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S1 hwinterface;hwinterface;D:\WINDOWS\system32\Drivers\hwinterface.sys [2008-04-07 12:03]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 ddnt;ddnt;D:\WINDOWS\system32\drivers\ddnt.sys [2008-04-07 11:59]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
S2 SOFTLOK;SOFTLOK;D:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-06 14:18]
S3 MBAMCatchMe;MBAMCatchMe;D:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 rcp_service;ReaConverter scheduler service;D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-10-15 17:11]
S3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-03 23:31:50 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 01:29:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\fccdeCSK.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Windows Defender\MsMpEng.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-04 1:35:13 - machine was rebooted [Laëtitia]
ComboFix-quarantined-files.txt 2008-06-03 23:35:07
ComboFix2.txt 2008-05-26 19:13:31
Pre-Run: 57,614,888,960 octets libres
Post-Run: 57,603,788,800 octets libres
246 --- E O F --- 2008-05-10 04:40:54
then MSNfix, which found nothing.
then CCleaner.
and here I am at step 5
the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:14, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Laëtitia\Bureau\Sanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09A78B33-C7F6-465D-9CCA-98D5B98B78CB} - D:\WINDOWS\system32\fccdeCSK.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE D:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: fccdeCSK - D:\WINDOWS\SYSTEM32\fccdeCSK.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe
apport GenProc 1.968 [1] effectué le 04/06/2008 à 0:21:49,19 - Windows XP
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau
- combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau.
***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "Laëtitia") *****
# Etape 2/
* Double-clique VundoFix.exe afin de le lancer, puis clique sur le bouton "Scan for Vundo". Lorsque le scan est complété, clique sur le bouton "Fix Vundo", une invite te demandera si tu veux supprimer les fichiers, clique YES : le Bureau disparaîtra un moment lors de la suppression des fichiers. Tu verras une invite qui t'annonce que ton PC va redémarrer : clique OK
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo
* Double clique combofix.exe. Tape sur la touche Y (Yes) pour démarrer le scan ; lorsque le scan sera complété, un rapport apparaîtra.
# Etape 3/
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.
# Etape 4/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 5/
Redémarre normalement et poste, dans la même réponse :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- Le contenu du rapport situé dans D:\vundofix.txt ;
- Le contenu du rapport situé dans D:\Combofix.txt ;
- Le contenu du rapport MSNfix situé sur le Bureau ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
J'ai donc executé VundoFix : qui n'a rien trouvé
puis combofix dont voici le rapport:
ComboFix 08-06-01.6 - Laëtitia 2008-06-04 1:15:17.3 - NTFSx86 MINIMAL
Endroit: D:\Documents and Settings\Laëtitia\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\awtrPhIb.dll
D:\WINDOWS\system32\bIhPrtwa.ini
D:\WINDOWS\system32\bIhPrtwa.ini2
.
---- Previous Run -------
.
D:\WINDOWS\system32\lUxGNqru.ini
D:\WINDOWS\system32\lUxGNqru.ini2
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\pmnkJccy.dll
D:\WINDOWS\system32\urqNGxUl.dll
D:\WINDOWS\system32\yccJknmp.ini
D:\WINDOWS\system32\yccJknmp.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-05-31 11:02 . 2008-05-31 11:03 <REP> d-------- D:\Program Files\OpenOffice.org 2.4
2008-05-30 20:06 . 2008-05-30 20:06 244 --ah----- D:\sqmnoopt08.sqm
2008-05-30 20:06 . 2008-05-30 20:06 232 --ah----- D:\sqmdata08.sqm
2008-05-30 20:05 . 2008-05-30 20:05 244 --ah----- D:\sqmnoopt07.sqm
2008-05-30 20:05 . 2008-05-30 20:05 232 --ah----- D:\sqmdata07.sqm
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-05 20:46 27,048 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 21:39 . 2008-05-05 20:46 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\xircom
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\oobe
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\Program Files\microsoft frontpage
2008-05-26 20:01 . 2008-05-26 20:01 <REP> d-------- D:\VundoFix Backups
2008-05-26 19:54 . 2008-05-26 19:54 <REP> d-------- D:\Documents and Settings\olivier\report
2008-05-26 19:43 . 2008-05-26 19:43 <REP> d-------- D:\Documents and Settings\Documents and Settings
2008-05-26 19:28 . 2008-05-26 19:28 62,714,140 --a------ D:\Sauv.reg
2008-05-26 18:59 . 2008-05-26 18:59 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-26 16:54 . 2008-05-26 16:54 <REP> d-------- D:\Documents and Settings\olivier\olivier
2008-05-24 14:51 . 2008-05-24 14:51 <REP> d-------- D:\Laëtitia
2008-05-23 21:35 . 2008-05-24 12:51 <REP> d-------- D:\WINDOWS\report
2008-05-23 21:35 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\LPT$VPN.295
2008-05-23 20:48 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Backup
2008-05-23 20:48 . 2008-05-23 20:48 1,954,681 --a------ D:\WINDOWS\tsc.ptn
2008-05-23 20:48 . 2008-05-23 20:48 1,213,784 --a------ D:\WINDOWS\vsapi32.dll
2008-05-23 20:48 . 2008-05-23 20:48 333,576 --a------ D:\WINDOWS\TSC.exe
2008-05-23 20:48 . 2008-05-23 20:48 91,744 --a------ D:\WINDOWS\BPMNT.dll
2008-05-23 20:48 . 2008-05-23 20:48 71,749 --a------ D:\WINDOWS\hcextoutput.dll
2008-05-23 20:48 . 2008-05-24 13:56 823 --a------ D:\WINDOWS\tsc.ini
2008-05-23 20:47 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\VPTNFILE.295
2008-05-23 20:46 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Temp
2008-05-23 20:46 . 2008-05-23 20:46 <REP> d-------- D:\WINDOWS\AU_Log
2008-05-23 20:46 . 2008-05-23 20:46 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-05-23 20:46 . 2008-05-23 20:46 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-05-23 20:46 . 2008-05-23 20:46 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-05-23 20:46 . 2008-05-23 20:46 170 --a------ D:\WINDOWS\GetServer.ini
2008-05-23 19:54 . 2008-05-23 19:54 <REP> d-------- D:\Documents and Settings\olivier\Application Data\report
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\Documents and Settings\olivier\SmartShopper
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\cs
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\olivier
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\Documents and Settings\olivier\Application Data\olivier
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Documents and Settings
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\cs
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Application Data
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\SmartShopper
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Application Data
2008-05-22 11:12 . 2008-05-22 11:13 <REP> d-------- D:\Program Files\Spybot - Search & Destroy
2008-05-22 11:12 . 2008-05-22 12:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 11:02 . 2008-05-22 11:02 <REP> d-------- D:\Documents and Settings\SmartShopper
2008-05-22 11:01 . 2008-05-22 11:01 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Documents and Settings
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Documents and Settings\olivier\cs
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Application Data
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\cs
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\report
2008-05-22 00:19 . 2008-05-22 00:19 29,312 --------- D:\WINDOWS\system32\fccdeCSK.dll
2008-05-22 00:18 . 2008-05-21 17:43 94,208 --a------ D:\WINDOWS\elsq.exe
2008-05-18 23:58 . 2008-05-18 23:58 <REP> d-------- D:\Program Files\Wondershare
2008-05-18 23:58 . 2007-12-13 18:28 5,504 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-18 23:50 . 2008-05-18 23:50 <REP> d-------- D:\Program Files\Acoolsoft
2008-05-18 12:48 . 2008-05-18 12:48 <REP> d-------- D:\Program Files\Nuclear Coffee
2008-05-15 17:16 . 2008-05-15 17:16 <REP> d-------- D:\Program Files\SmartShopper
2008-05-15 17:16 . 2008-05-23 09:24 <REP> d-------- D:\Documents and Settings\olivier\Application Data\SmartShopper
2008-05-10 18:35 . 2008-05-10 18:35 <REP> d--h----- D:\WINDOWS\PIF
2008-05-07 23:42 . 2008-05-07 23:42 <REP> d-------- D:\Program Files\Inventel
2008-05-07 23:42 . 2008-05-07 23:42 278,528 --a------ D:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 22:37 --------- d-----w D:\Program Files\LogMeIn
2008-05-31 16:28 --------- d-----w D:\Program Files\eMule
2008-05-31 09:01 --------- d-----w D:\Program Files\Java
2008-05-25 18:13 --------- d-----w D:\Program Files\K-Lite Codec Pack
2008-05-25 18:04 --------- d-----w D:\Program Files\CCleaner
2008-04-29 14:04 --------- d-----w D:\Program Files\Cuisine Astuce
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\olivier\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-21 07:09 --------- d-----w D:\Program Files\Fichiers communs\Autodesk Shared
2008-04-21 07:09 --------- d-----w D:\Program Files\AutoCAD 2008
2008-04-21 07:03 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-04-21 07:02 --------- d-----w D:\Program Files\Autodesk
2008-04-20 18:07 --------- d-----w D:\Program Files\ReaConverter 5.0 Pro
2008-04-11 19:58 --------- d-----w D:\Documents and Settings\olivier\Application Data\RCP 5
2008-04-07 10:03 3,026 ----a-w D:\WINDOWS\system32\drivers\hwinterface.sys
2008-04-07 09:59 8,480 ----a-w D:\WINDOWS\system32\drivers\ddnt.sys
2008-04-06 12:18 --------- d-----w D:\Documents and Settings\olivier\Application Data\ACD Systems
2008-04-06 12:11 --------- d-----w D:\Documents and Settings\olivier\Application Data\Corel
2007-08-09 12:08 8,784 ----a-w D:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w D:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 D:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 D:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_21.12.53.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-31 09:03:47 12,288 ----a-w D:\WINDOWS\assembly\GAC\cli_basetypes\1.0.9.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2008-05-31 09:03:47 32,256 ----a-w D:\WINDOWS\assembly\GAC\cli_cppuhelper\1.0.12.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2008-05-31 09:03:48 847,872 ----a-w D:\WINDOWS\assembly\GAC\cli_types\1.1.12.0__ce2cb7e279207b9e\cli_types.dll
+ 2008-05-31 09:03:48 8,192 ----a-w D:\WINDOWS\assembly\GAC\cli_ure\1.0.12.0__ce2cb7e279207b9e\cli_ure.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_basetypes\9.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_cppuhelper\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2008-05-31 09:03:07 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.0.cli_ure\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2008-05-31 09:03:58 3,072 ----a-w D:\WINDOWS\assembly\GAC\policy.1.1.cli_types\12.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll
- 2008-05-26 18:51:56 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-03 23:28:02 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-05-31 09:06:58 2,363,392 ----a-r D:\WINDOWS\Installer\{1E0FF527-971B-4BBF-83D1-987E8DEE437D}\soffice.exe
- 2008-04-22 09:56:01 892,664 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-02 12:14:38 910,176 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}]
2008-05-22 00:19 29312 --------- D:\WINDOWS\system32\fccdeCSK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}]
2008-02-05 19:20 1173024 --a------ D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 22:59 1235456]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Corel Photo Downloader"="D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 18:59 106496]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"EPSON Stylus CX3600 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00 98304]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="D:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="D:\WINDOWS\system32\sti_ci.dll" [2007-12-18 04:04 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2007-12-18 04:04 403968 D:\WINDOWS\system32\cmd.exe]
"tscuninstall"="D:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2007-12-18 04:04 403968 D:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 D:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= D:\WINDOWS\system32\fccdeCSK.dll [2008-05-22 00:19 29312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdeCSK]
fccdeCSK.dll 2008-05-22 00:19 29312 D:\WINDOWS\system32\fccdeCSK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 D:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56927:TCP"= 56927:TCP:Pando P2P TCP Listening Port
"56927:UDP"= 56927:UDP:Pando P2P UDP Listening Port
R0 Si3112;Si3112;D:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 15:00]
R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
S1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S1 hwinterface;hwinterface;D:\WINDOWS\system32\Drivers\hwinterface.sys [2008-04-07 12:03]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 ddnt;ddnt;D:\WINDOWS\system32\drivers\ddnt.sys [2008-04-07 11:59]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
S2 SOFTLOK;SOFTLOK;D:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-06 14:18]
S3 MBAMCatchMe;MBAMCatchMe;D:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 rcp_service;ReaConverter scheduler service;D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-10-15 17:11]
S3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-03 23:31:50 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 01:29:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\fccdeCSK.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Windows Defender\MsMpEng.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-04 1:35:13 - machine was rebooted [Laëtitia]
ComboFix-quarantined-files.txt 2008-06-03 23:35:07
ComboFix2.txt 2008-05-26 19:13:31
Pre-Run: 57,614,888,960 octets libres
Post-Run: 57,603,788,800 octets libres
246 --- E O F --- 2008-05-10 04:40:54
then MSNFix, which found nothing.
then CCleaner.
and here I am at step 5
the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:14, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Laëtitia\Bureau\Sanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09A78B33-C7F6-465D-9CCA-98D5B98B78CB} - D:\WINDOWS\system32\fccdeCSK.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE D:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - D:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: fccdeCSK - D:\WINDOWS\SYSTEM32\fccdeCSK.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe
25 replies
Re,
Sorry, I made a mistake; redo the CFScript procedure with the following text:
Registry::
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Folder::
D:\Documents and Settings\olivier\SmartShopper
D:\SmartShopper
D:\Documents and Settings\Laëtitia\SmartShopper
D:\Documents and Settings\SmartShopper
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper
D:\Documents and Settings\olivier\Application Data\SmartShopper
- After that it will be finished; we will remove the cleanup programs.
See you,
Hello, here is the ComboFix report
ComboFix 08-06-01.6 - Laëtitia 2008-06-11 4:44:43.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511 [GMT 2:00]
Endroit: D:\Documents and Settings\Laëtitia\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Laëtitia\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
D:\Documents and Settings\SmartShopper :#:
D:\ComboFix\FileCFScript.dat
.
/wow section - STAGE 34
pv: No matching processes found
Accès refusé.
Le système ne peut trouver le fichier temp02.
Accès refusé.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\Config.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\db\Aliases.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\db\Sites.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\dwld\Phishinglist.xip
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\dwld\WhiteList.xip
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\report\aggr_storage.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\report\send_storage.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\res2\Phishinglist.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\res2\WhiteList.dbs
D:\Documents and Settings\Laëtitia\SmartShopper
D:\Documents and Settings\olivier\Application Data\SmartShopper
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\Config.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\db\Aliases.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\db\Sites.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\dwld\Phishinglist.xip
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\dwld\WhiteList.xip
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\report\aggr_storage.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\report\send_storage.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\res1\Phishinglist.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\res1\WhiteList.dbs
D:\Documents and Settings\olivier\SmartShopper
D:\SmartShopper
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 14:19 . 2008-06-10 14:19 <REP> d-------- D:\Program Files\filehippo.com
2008-06-09 14:06 . 2008-06-09 14:06 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Zenturi
2008-06-07 02:02 . 2008-06-10 14:40 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-06-07 01:54 . 2008-06-10 16:07 31,535,616 --a------ D:\upload_moi.tar
2008-06-07 01:54 . 2008-06-10 16:08 16,014,067 --a------ D:\upload_moi_8BCBA205485B482.tar.gz
2008-06-07 01:35 . 2008-06-07 01:51 <REP> d-------- D:\Program Files\Navilog1
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Program Files\SUPERAntiSpyware
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\SUPERAntiSpyware.com
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-06 09:58 . 2008-06-06 09:58 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-05 02:20 . 2008-06-05 02:20 <REP> d-------- D:\Program Files\COMODO
2008-06-05 02:20 . 2008-06-05 02:20 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Comodo
2008-06-05 02:20 . 2008-06-05 10:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-05 02:20 . 2008-06-05 02:20 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-05 02:20 . 2008-06-05 02:20 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-05 02:20 . 2008-06-05 02:20 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-05 00:35 . 2008-06-05 00:35 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Malwarebytes
2008-06-04 01:35 . 2008-06-04 01:35 <REP> d-------- D:\Documents and Settings\LaÙtitia
2008-06-04 01:22 . 2008-02-26 13:49 297,984 --------- D:\WINDOWS\system32\dllcache\msctf.dll
2008-05-31 11:08 . 2008-06-10 14:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\OpenOffice.org2
2008-05-31 11:02 . 2008-05-31 11:03 <REP> d-------- D:\Program Files\OpenOffice.org 2.4
2008-05-30 20:06 . 2008-05-30 20:06 244 --ah----- D:\sqmnoopt08.sqm
2008-05-30 20:06 . 2008-05-30 20:06 232 --ah----- D:\sqmdata08.sqm
2008-05-30 20:05 . 2008-05-30 20:05 244 --ah----- D:\sqmnoopt07.sqm
2008-05-30 20:05 . 2008-05-30 20:05 232 --ah----- D:\sqmdata07.sqm
2008-05-26 21:39 . 2008-06-05 00:35 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-30 01:06 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 21:39 . 2008-05-30 01:06 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\xircom
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\oobe
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\Program Files\microsoft frontpage
2008-05-26 20:01 . 2008-05-26 20:01 <REP> d-------- D:\VundoFix Backups
2008-05-26 19:54 . 2008-05-26 19:54 <REP> d-------- D:\Documents and Settings\olivier\report
2008-05-26 19:43 . 2008-05-26 19:43 <REP> d-------- D:\Documents and Settings\Documents and Settings
2008-05-26 19:28 . 2008-05-26 19:28 62,714,140 --a------ D:\Sauv.reg
2008-05-26 18:59 . 2008-05-26 18:59 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-26 16:54 . 2008-05-26 16:54 <REP> d-------- D:\Documents and Settings\olivier\olivier
2008-05-25 20:13 . 2008-05-25 20:13 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\cs
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\Documents and Settings
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\Documents and Settings
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\cs
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\cs
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Laëtitia
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Laëtitia
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Documents and Settings
2008-05-24 14:51 . 2008-05-24 14:51 <REP> d-------- D:\Laëtitia
2008-05-23 21:35 . 2008-05-24 12:51 <REP> d-------- D:\WINDOWS\report
2008-05-23 21:35 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\LPT$VPN.295
2008-05-23 20:48 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Backup
2008-05-23 20:48 . 2008-05-23 20:48 1,954,681 --a------ D:\WINDOWS\tsc.ptn
2008-05-23 20:48 . 2008-05-23 20:48 1,213,784 --a------ D:\WINDOWS\vsapi32.dll
2008-05-23 20:48 . 2008-05-23 20:48 333,576 --a------ D:\WINDOWS\TSC.exe
2008-05-23 20:48 . 2008-05-23 20:48 91,744 --a------ D:\WINDOWS\BPMNT.dll
2008-05-23 20:48 . 2008-05-23 20:48 71,749 --a------ D:\WINDOWS\hcextoutput.dll
2008-05-23 20:48 . 2008-05-24 13:56 823 --a------ D:\WINDOWS\tsc.ini
2008-05-23 20:47 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\VPTNFILE.295
2008-05-23 20:46 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Temp
2008-05-23 20:46 . 2008-05-23 20:46 <REP> d-------- D:\WINDOWS\AU_Log
2008-05-23 20:46 . 2008-05-23 20:46 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-05-23 20:46 . 2008-05-23 20:46 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-05-23 20:46 . 2008-05-23 20:46 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-05-23 20:46 . 2008-05-23 20:46 170 --a------ D:\WINDOWS\GetServer.ini
2008-05-23 19:54 . 2008-05-23 19:54 <REP> d-------- D:\Documents and Settings\olivier\Application Data\report
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\cs
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\olivier
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\Documents and Settings\olivier\Application Data\olivier
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Documents and Settings
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\cs
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Application Data
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\report
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Application Data
2008-05-22 11:12 . 2008-05-22 11:13 <REP> d-------- D:\Program Files\Spybot - Search & Destroy
2008-05-22 11:12 . 2008-05-22 12:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 11:02 . 2008-05-22 11:02 <REP> d-------- D:\Documents and Settings\SmartShopper
2008-05-22 11:01 . 2008-05-22 11:01 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Documents and Settings
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Documents and Settings\olivier\cs
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Application Data
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\Laëtitia\report
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\Laëtitia\report
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\cs
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Laëtitia
2008-05-22 00:18 . 2008-05-21 17:43 94,208 --a------ D:\WINDOWS\elsq.exe
2008-05-20 20:13 . 2008-05-20 20:13 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Media Player Classic
2008-05-19 17:43 . 2008-05-19 17:43 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\DivX
2008-05-18 23:58 . 2008-05-18 23:58 <REP> d-------- D:\Program Files\Wondershare
2008-05-18 23:58 . 2007-12-13 18:28 5,504 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-18 23:50 . 2008-05-18 23:50 <REP> d-------- D:\Program Files\Acoolsoft
2008-05-18 12:48 . 2008-05-18 12:48 <REP> d-------- D:\Program Files\Nuclear Coffee
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 20:02 --------- d-----w D:\Program Files\eMule
2008-06-04 22:40 --------- d-----w D:\Program Files\LogMeIn
2008-05-31 09:01 --------- d-----w D:\Program Files\Java
2008-05-25 18:13 --------- d-----w D:\Program Files\K-Lite Codec Pack
2008-05-25 18:04 --------- d-----w D:\Program Files\CCleaner
2008-05-10 17:21 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-05-07 21:42 278,528 ----a-w D:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-05-07 21:42 --------- d-----w D:\Program Files\Inventel
2008-04-29 14:04 --------- d-----w D:\Program Files\Cuisine Astuce
2008-04-29 13:30 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\olivier\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-24 08:53 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\dvdcss
2008-04-21 07:09 --------- d-----w D:\Program Files\Fichiers communs\Autodesk Shared
2008-04-21 07:09 --------- d-----w D:\Program Files\AutoCAD 2008
2008-04-21 07:03 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-04-21 07:02 --------- d-----w D:\Program Files\Autodesk
2008-04-20 18:07 --------- d-----w D:\Program Files\ReaConverter 5.0 Pro
2008-04-12 19:42 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\RCP 5
2008-04-11 19:58 --------- d-----w D:\Documents and Settings\olivier\Application Data\RCP 5
2008-04-07 09:59 7,168 ----a-w D:\WINDOWS\system32\ddvdd.dll
2008-03-25 08:20 219,936 ----a-w D:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w D:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w D:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w D:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w D:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w D:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w D:\WINDOWS\system32\dllcache\win32k.sys
2007-08-09 12:08 8,784 ----a-w D:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w D:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 D:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 D:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-10_ 2.40.24,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:23:45 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-10 12:00:19 2,048 --s-a-w D:\WINDOWS\bootstat.dat
- 2007-11-20 15:52:00 2,884,992 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-10 12:27:21 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-10 12:00:38 16,384 ----atw D:\WINDOWS\TEMP\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 22:59 1235456]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Corel Photo Downloader"="D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 18:59 106496]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="D:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 02:20 1655552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
D:\Documents and Settings\La‰titia\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 D:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56927:TCP"= 56927:TCP:Pando P2P TCP Listening Port
"56927:UDP"= 56927:UDP:Pando P2P UDP Listening Port
R0 Si3112;Si3112;D:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 15:00]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-05 02:20]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-05 02:20]
R1 hwinterface;hwinterface;D:\WINDOWS\system32\Drivers\hwinterface.sys [2008-04-07 12:03]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 ddnt;ddnt;D:\WINDOWS\system32\drivers\ddnt.sys [2008-04-07 11:59]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 SOFTLOK;SOFTLOK;D:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-06 14:18]
R3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
S3 MBAMCatchMe;MBAMCatchMe;D:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 rcp_service;ReaConverter scheduler service;D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-10-15 17:11]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-10 23:49:01 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
D:\ComboFix\temp00
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 04:47:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 4:49:56
ComboFix-quarantined-files.txt 2008-06-11 02:49:11
ComboFix2.txt 2008-06-10 12:13:07
ComboFix3.txt 2008-06-10 00:41:22
ComboFix4.txt 2008-06-04 08:13:44
ComboFix5.txt 2008-06-03 23:35:14
Pre-Run: 57,775,927,296 octets libres
Post-Run: 57,767,665,664 octets libres
287 --- E O F --- 2008-06-07 06:39:01
ComboFix 08-06-01.6 - Laëtitia 2008-06-11 4:44:43.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511 [GMT 2:00]
Endroit: D:\Documents and Settings\Laëtitia\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Laëtitia\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
D:\Documents and Settings\SmartShopper :#:
D:\ComboFix\FileCFScript.dat
.
/wow section - STAGE 34
pv: No matching processes found
Accès refusé.
Le système ne peut trouver le fichier temp02.
Accès refusé.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\Config.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\db\Aliases.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\db\Sites.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\dwld\Phishinglist.xip
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\dwld\WhiteList.xip
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\report\aggr_storage.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\report\send_storage.xml
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\res2\Phishinglist.dbs
D:\Documents and Settings\Laëtitia\Application Data\SmartShopper\cs\res2\WhiteList.dbs
D:\Documents and Settings\Laëtitia\SmartShopper
D:\Documents and Settings\olivier\Application Data\SmartShopper
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\Config.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\db\Aliases.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\db\Sites.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\dwld\Phishinglist.xip
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\dwld\WhiteList.xip
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\report\aggr_storage.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\report\send_storage.xml
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\res1\Phishinglist.dbs
D:\Documents and Settings\olivier\Application Data\SmartShopper\cs\res1\WhiteList.dbs
D:\Documents and Settings\olivier\SmartShopper
D:\SmartShopper
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
2008-06-10 14:19 . 2008-06-10 14:19 <REP> d-------- D:\Program Files\filehippo.com
2008-06-09 14:06 . 2008-06-09 14:06 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Zenturi
2008-06-07 02:02 . 2008-06-10 14:40 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-06-07 01:54 . 2008-06-10 16:07 31,535,616 --a------ D:\upload_moi.tar
2008-06-07 01:54 . 2008-06-10 16:08 16,014,067 --a------ D:\upload_moi_8BCBA205485B482.tar.gz
2008-06-07 01:35 . 2008-06-07 01:51 <REP> d-------- D:\Program Files\Navilog1
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Program Files\SUPERAntiSpyware
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\SUPERAntiSpyware.com
2008-06-06 10:00 . 2008-06-06 10:00 <REP> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-06 09:58 . 2008-06-06 09:58 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-05 02:20 . 2008-06-05 02:20 <REP> d-------- D:\Program Files\COMODO
2008-06-05 02:20 . 2008-06-05 02:20 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Comodo
2008-06-05 02:20 . 2008-06-05 10:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-06-05 02:20 . 2008-06-05 02:20 143,104 --a------ D:\WINDOWS\system32\guard32.dll
2008-06-05 02:20 . 2008-06-05 02:20 87,056 --a------ D:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-05 02:20 . 2008-06-05 02:20 24,208 --a------ D:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-05 00:35 . 2008-06-05 00:35 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Malwarebytes
2008-06-04 01:35 . 2008-06-04 01:35 <REP> d-------- D:\Documents and Settings\LaÙtitia
2008-06-04 01:22 . 2008-02-26 13:49 297,984 --------- D:\WINDOWS\system32\dllcache\msctf.dll
2008-05-31 11:08 . 2008-06-10 14:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\OpenOffice.org2
2008-05-31 11:02 . 2008-05-31 11:03 <REP> d-------- D:\Program Files\OpenOffice.org 2.4
2008-05-30 20:06 . 2008-05-30 20:06 244 --ah----- D:\sqmnoopt08.sqm
2008-05-30 20:06 . 2008-05-30 20:06 232 --ah----- D:\sqmdata08.sqm
2008-05-30 20:05 . 2008-05-30 20:05 244 --ah----- D:\sqmnoopt07.sqm
2008-05-30 20:05 . 2008-05-30 20:05 232 --ah----- D:\sqmdata07.sqm
2008-05-26 21:39 . 2008-06-05 00:35 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-26 21:39 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 21:39 . 2008-05-30 01:06 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-26 21:39 . 2008-05-30 01:06 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\xircom
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\WINDOWS\system32\oobe
2008-05-26 20:51 . 2008-05-26 20:51 <REP> d-------- D:\Program Files\microsoft frontpage
2008-05-26 20:01 . 2008-05-26 20:01 <REP> d-------- D:\VundoFix Backups
2008-05-26 19:54 . 2008-05-26 19:54 <REP> d-------- D:\Documents and Settings\olivier\report
2008-05-26 19:43 . 2008-05-26 19:43 <REP> d-------- D:\Documents and Settings\Documents and Settings
2008-05-26 19:28 . 2008-05-26 19:28 62,714,140 --a------ D:\Sauv.reg
2008-05-26 18:59 . 2008-05-26 18:59 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-26 16:54 . 2008-05-26 16:54 <REP> d-------- D:\Documents and Settings\olivier\olivier
2008-05-25 20:13 . 2008-05-25 20:13 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\cs
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\Documents and Settings
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\Documents and Settings
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\cs
2008-05-24 15:22 . 2008-05-24 15:22 <REP> d-------- D:\Documents and Settings\Laëtitia\cs
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Laëtitia
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Laëtitia
2008-05-24 15:01 . 2008-05-24 15:01 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Documents and Settings
2008-05-24 14:51 . 2008-05-24 14:51 <REP> d-------- D:\Laëtitia
2008-05-23 21:35 . 2008-05-24 12:51 <REP> d-------- D:\WINDOWS\report
2008-05-23 21:35 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\LPT$VPN.295
2008-05-23 20:48 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Backup
2008-05-23 20:48 . 2008-05-23 20:48 1,954,681 --a------ D:\WINDOWS\tsc.ptn
2008-05-23 20:48 . 2008-05-23 20:48 1,213,784 --a------ D:\WINDOWS\vsapi32.dll
2008-05-23 20:48 . 2008-05-23 20:48 333,576 --a------ D:\WINDOWS\TSC.exe
2008-05-23 20:48 . 2008-05-23 20:48 91,744 --a------ D:\WINDOWS\BPMNT.dll
2008-05-23 20:48 . 2008-05-23 20:48 71,749 --a------ D:\WINDOWS\hcextoutput.dll
2008-05-23 20:48 . 2008-05-24 13:56 823 --a------ D:\WINDOWS\tsc.ini
2008-05-23 20:47 . 2008-05-23 20:48 36,152,225 --a------ D:\WINDOWS\VPTNFILE.295
2008-05-23 20:46 . 2008-05-23 20:48 <REP> d-------- D:\WINDOWS\AU_Temp
2008-05-23 20:46 . 2008-05-23 20:46 <REP> d-------- D:\WINDOWS\AU_Log
2008-05-23 20:46 . 2008-05-23 20:46 507,904 --a------ D:\WINDOWS\TMUPDATE.DLL
2008-05-23 20:46 . 2008-05-23 20:46 286,720 --a------ D:\WINDOWS\PATCH.EXE
2008-05-23 20:46 . 2008-05-23 20:46 69,689 --a------ D:\WINDOWS\UNZIP.DLL
2008-05-23 20:46 . 2008-05-23 20:46 170 --a------ D:\WINDOWS\GetServer.ini
2008-05-23 19:54 . 2008-05-23 19:54 <REP> d-------- D:\Documents and Settings\olivier\Application Data\report
2008-05-23 09:14 . 2008-05-23 09:14 <REP> d-------- D:\cs
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\olivier
2008-05-23 09:03 . 2008-05-23 09:03 <REP> d-------- D:\Documents and Settings\olivier\Application Data\olivier
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Documents and Settings
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\cs
2008-05-23 08:53 . 2008-05-23 08:53 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Application Data
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\report
2008-05-22 13:29 . 2008-05-22 13:29 <REP> d-------- D:\Documents and Settings\Application Data
2008-05-22 11:12 . 2008-05-22 11:13 <REP> d-------- D:\Program Files\Spybot - Search & Destroy
2008-05-22 11:12 . 2008-05-22 12:47 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 11:02 . 2008-05-22 11:02 <REP> d-------- D:\Documents and Settings\SmartShopper
2008-05-22 11:01 . 2008-05-22 11:01 <REP> d-------- D:\Documents and Settings\olivier\Application Data\Documents and Settings
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Documents and Settings\olivier\cs
2008-05-22 10:58 . 2008-05-22 10:58 <REP> d-------- D:\Application Data
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\Laëtitia\report
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\Laëtitia\report
2008-05-22 06:32 . 2008-05-22 06:32 <REP> d-------- D:\Documents and Settings\cs
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\report
2008-05-22 06:25 . 2008-05-22 06:25 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Laëtitia
2008-05-22 00:18 . 2008-05-21 17:43 94,208 --a------ D:\WINDOWS\elsq.exe
2008-05-20 20:13 . 2008-05-20 20:13 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\Media Player Classic
2008-05-19 17:43 . 2008-05-19 17:43 <REP> d-------- D:\Documents and Settings\Laëtitia\Application Data\DivX
2008-05-18 23:58 . 2008-05-18 23:58 <REP> d-------- D:\Program Files\Wondershare
2008-05-18 23:58 . 2007-12-13 18:28 5,504 --a------ D:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-18 23:50 . 2008-05-18 23:50 <REP> d-------- D:\Program Files\Acoolsoft
2008-05-18 12:48 . 2008-05-18 12:48 <REP> d-------- D:\Program Files\Nuclear Coffee
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 20:02 --------- d-----w D:\Program Files\eMule
2008-06-04 22:40 --------- d-----w D:\Program Files\LogMeIn
2008-05-31 09:01 --------- d-----w D:\Program Files\Java
2008-05-25 18:13 --------- d-----w D:\Program Files\K-Lite Codec Pack
2008-05-25 18:04 --------- d-----w D:\Program Files\CCleaner
2008-05-10 17:21 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-05-07 21:42 278,528 ----a-w D:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-05-07 21:42 --------- d-----w D:\Program Files\Inventel
2008-04-29 14:04 --------- d-----w D:\Program Files\Cuisine Astuce
2008-04-29 13:30 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\olivier\Application Data\Autodesk
2008-04-25 08:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-24 08:53 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\dvdcss
2008-04-21 07:09 --------- d-----w D:\Program Files\Fichiers communs\Autodesk Shared
2008-04-21 07:09 --------- d-----w D:\Program Files\AutoCAD 2008
2008-04-21 07:03 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-04-21 07:02 --------- d-----w D:\Program Files\Autodesk
2008-04-20 18:07 --------- d-----w D:\Program Files\ReaConverter 5.0 Pro
2008-04-12 19:42 --------- d-----w D:\Documents and Settings\Laëtitia\Application Data\RCP 5
2008-04-11 19:58 --------- d-----w D:\Documents and Settings\olivier\Application Data\RCP 5
2008-04-07 09:59 7,168 ----a-w D:\WINDOWS\system32\ddvdd.dll
2008-03-25 08:20 219,936 ----a-w D:\WINDOWS\system32\msltus40.dll
2008-03-25 08:20 219,936 ------w D:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 04:51 621,344 ----a-w D:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w D:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w D:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w D:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w D:\WINDOWS\system32\dllcache\win32k.sys
2007-08-09 12:08 8,784 ----a-w D:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w D:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 D:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 D:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-10_ 2.40.24,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:23:45 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-06-10 12:00:19 2,048 --s-a-w D:\WINDOWS\bootstat.dat
- 2007-11-20 15:52:00 2,884,992 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-10 12:27:21 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-10 12:00:38 16,384 ----atw D:\WINDOWS\TEMP\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 22:59 1235456]
"ccleaner"="D:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Corel Photo Downloader"="D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-02 18:59 106496]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogMeIn GUI"="D:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 16:09 63048]
"COMODO Firewall Pro"="D:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-05 02:20 1655552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
D:\Documents and Settings\Laëtitia\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 D:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56927:TCP"= 56927:TCP:Pando P2P TCP Listening Port
"56927:UDP"= 56927:UDP:Pando P2P UDP Listening Port
R0 Si3112;Si3112;D:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2004-08-28 15:00]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-05 02:20]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-05 02:20]
R1 hwinterface;hwinterface;D:\WINDOWS\system32\Drivers\hwinterface.sys [2008-04-07 12:03]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 ddnt;ddnt;D:\WINDOWS\system32\drivers\ddnt.sys [2008-04-07 11:59]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 SOFTLOK;SOFTLOK;D:\WINDOWS\system32\drivers\SOFTLOK.sys [2000-03-06 14:18]
R3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
S3 MBAMCatchMe;MBAMCatchMe;D:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 rcp_service;ReaConverter scheduler service;D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-10-15 17:11]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-10 23:49:01 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
D:\ComboFix\temp00
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 04:47:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-11 4:49:56
ComboFix-quarantined-files.txt 2008-06-11 02:49:11
ComboFix2.txt 2008-06-10 12:13:07
ComboFix3.txt 2008-06-10 00:41:22
ComboFix4.txt 2008-06-04 08:13:44
ComboFix5.txt 2008-06-03 23:35:14
Pre-Run: 57,775,927,296 octets libres
Post-Run: 57,767,665,664 octets libres
287 --- E O F --- 2008-06-07 06:39:01
ierier60,
- Well, Smartshopper is finally dead
- You can run CCleaner once.
And also another registry cleaner, Wise Registry Cleaner; download it and read its tutorial here:
https://kerio.probb.fr/t1163-tuto-wise-registry-cleaner
Do not delete the lines that are not safe, but by default they are not checked.
------------------------
Check whether you still have these lines; if so, fix them:
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] - (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] - (User 'Default user')
Then, to finish
------------------------
- ToolsCleaner by A.Rothstein
To remove all traces of the tools that were used to treat the specific infections
Download http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe to your Desktop.
* Double-click ToolsCleaner2.bat and let it work
* Click "Recherche" (Search) and let the scan finish.
* Click "Suppression" (Removal) to finalize.
* You can, if you wish, use the optional Options.
* Click "Quitter" (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)
Happy surfing, and be careful with programs like eMule, because I imagine your brand-new AutoCAD2008 is not a valid license; given the price of that program, it is a pirated copy.
But I may be wrong.
You must have picked up plenty of junk; it is wishful thinking to believe otherwise, but it's your choice ;-)
The files exchanged with this kind of software are infected 1 time out of 2, especially if you are not careful, and the file-sharing programs themselves are sometimes infected, like BitTorrent.
Bye bye
Denis
hi,
after doing everything you asked, here is the latest hijack report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:29:52, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
D:\Program Files\COMODO\Firewall\cfp.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.exe
D:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] D:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - D:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe
hi,
my PC is working properly, a big thank you to you, I think it's solved.
Perfect, we got it, good work.
I see you got rid of AutoCAD, good decision ;-)
If you haven't yet run ToolsCleaner to remove HJTHis, Combofix... you can do it now, and afterwards you can uninstall it as well; it is useful to remove them so as not to use outdated versions and above all to free up space, since they are unnecessary in normal use.
You can mark the problem as solved at the top of your first message or at the very bottom.
Bye bye and happy surfing.
Denis