Virtumonde , Malware.trace

Bonsoir
Désolé de ne pas avoir pu te remercier d'abord et effectuer ce que tu m'as conseillé. Mais c'est fait et voici le rapport :


ComboFix 08-07-05.1 - ROSELINE GUENO 2008-07-06 17:50:50.1 - NTFSx86
Endroit: C:\Documents and Settings\ROSELINE GUENO\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\aHkQXyay.ini
C:\WINDOWS\system32\aHkQXyay.ini2
C:\WINDOWS\system32\EKTDeMoq.ini
C:\WINDOWS\system32\EKTDeMoq.ini2
C:\WINDOWS\system32\fukgqnvg.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\QYbdcccf.ini
C:\WINDOWS\system32\QYbdcccf.ini2
C:\WINDOWS\system32\tcafjxxo.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))))))))
.

2008-07-06 17:31 . 2008-07-06 17:42 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:28 . 2008-07-06 17:42 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:27 . 2008-07-06 17:27 <REP> d-------- C:\Program Files\ANI
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Program Files\D-Link
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\InstallShield
2008-07-06 01:55 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\EPSON
2008-07-06 01:54 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-06 01:17 . 2008-07-06 01:17 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-07-06 01:17 . 2008-07-06 01:35 <REP> d-------- C:\Program Files\Enigma Software Group
2008-07-03 17:57 . 2008-07-03 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-07-03 17:46 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-03 17:45 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-07-03 17:45 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-07-03 17:45 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-07-03 17:21 . 2008-07-06 01:33 <REP> d-------- C:\Program Files\epson
2008-07-03 17:21 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-07-03 17:21 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-07-03 17:21 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-07-03 17:20 . 2008-07-03 17:20 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-06-30 21:40 . 2008-06-30 21:40 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-30 21:37 . 2008-07-05 14:46 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-29 02:03 . 2008-07-06 17:54 121 --a------ C:\WINDOWS\bdagent.INI
2008-06-29 01:23 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Bitdefender
2008-06-29 01:22 . 2008-06-29 01:22 <REP> d-------- C:\Program Files\BitDefender
2008-06-29 01:22 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-25 00:31 . 2008-06-25 00:31 250 --a------ C:\WINDOWS\gmer.ini
2008-06-16 15:38 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 15:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 22:27 . 2008-06-16 15:26 109,842 --a------ C:\WINDOWS\BMa7aaf44a.xml
2008-06-15 02:27 . 2008-07-04 00:24 269 --a------ C:\WINDOWS\wininit.ini
2008-06-15 01:05 . 2008-07-06 01:17 <REP> d-------- C:\WINDOWS\system32\RI
2008-06-15 01:05 . 2008-07-06 01:53 <REP> d-------- C:\WINDOWS\system32\cPT
2008-06-15 01:04 . 2008-06-15 03:20 <REP> d-------- C:\WINDOWS\system32\oprt
2008-06-15 01:04 . 2008-06-15 01:04 <REP> d-------- C:\temp\itmp4
2008-06-08 23:22 . 2008-06-12 22:02 <REP> d-------- C:\Program Files\a-squared Anti-Malware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 23:55 --------- d-----w C:\Program Files\Canon
2008-07-05 23:55 --------- d-----w C:\Documents and Settings\ROSELINE GUENO\Application Data\uTorrent
2008-07-03 16:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-16 13:33 --------- d-----w C:\Program Files\eMule
2008-06-16 11:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 23:36 --------- d-----w C:\Program Files\CCleaner
2008-06-02 22:23 --------- d-----w C:\Program Files\Pando Networks
2008-05-17 22:18 --------- d-----w C:\Program Files\uTorrent
2008-05-14 18:02 --------- d-----w C:\Program Files\Neuf
2008-05-14 17:58 --------- d-----w C:\Program Files\MSN Messenger
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-09-09 13:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2008-05-28 18:50 6210888]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-01 22:42 6731312]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-29 01:26 368640]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^ROSELINE GUENO^Menu Démarrer^Programmes^Démarrage^Personal Player.lnk]
path=C:\Documents and Settings\ROSELINE GUENO\Menu Démarrer\Programmes\Démarrage\Personal Player.lnk
backup=C:\WINDOWS\pss\Personal Player.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emule
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"6881:TCP"= 6881:TCP:*:Disabled:Tipiak
"6881:UDP"= 6881:UDP:*:Disabled:Tipiak
"4661:TCP"= 4661:TCP:emule
"4672:TCP"= 4672:TCP:emule
"4661:UDP"= 4661:UDP:emule
"57069:TCP"= 57069:TCP:pando
"57069:UDP"= 57069:UDP:pando
"56065:TCP"= 56065:TCP:pando
"56065:UDP"= 56065:UDP:pando
"61869:TCP"= 61869:TCP:µtorrent
"61869:UDP"= 61869:UDP:µtorrent
"17736:TCP"= 17736:TCP:µtorrent
"17736:UDP"= 17736:UDP:µtorrent
"57464:TCP"= 57464:TCP:Pando P2P TCP Listening Port
"57464:UDP"= 57464:UDP:Pando P2P UDP Listening Port

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - ANIWZCSDSERVICE
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-06 15:48:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"


1000 mercis pour ton aide.
Gunostash

Bonsoir
Désolé de ne pas avoir pu te remercier d'abord et effectuer ce que tu m'as conseillé. Mais c'est fait et voici le rapport :


ComboFix 08-07-05.1 - ROSELINE GUENO 2008-07-06 17:50:50.1 - NTFSx86
Endroit: C:\Documents and Settings\ROSELINE GUENO\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\aHkQXyay.ini
C:\WINDOWS\system32\aHkQXyay.ini2
C:\WINDOWS\system32\EKTDeMoq.ini
C:\WINDOWS\system32\EKTDeMoq.ini2
C:\WINDOWS\system32\fukgqnvg.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\QYbdcccf.ini
C:\WINDOWS\system32\QYbdcccf.ini2
C:\WINDOWS\system32\tcafjxxo.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))))))))
.

2008-07-06 17:31 . 2008-07-06 17:42 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:28 . 2008-07-06 17:42 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:27 . 2008-07-06 17:27 <REP> d-------- C:\Program Files\ANI
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Program Files\D-Link
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\InstallShield
2008-07-06 01:55 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\EPSON
2008-07-06 01:54 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-06 01:17 . 2008-07-06 01:17 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-07-06 01:17 . 2008-07-06 01:35 <REP> d-------- C:\Program Files\Enigma Software Group
2008-07-03 17:57 . 2008-07-03 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-07-03 17:46 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-03 17:45 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-07-03 17:45 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-07-03 17:45 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-07-03 17:21 . 2008-07-06 01:33 <REP> d-------- C:\Program Files\epson
2008-07-03 17:21 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-07-03 17:21 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-07-03 17:21 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-07-03 17:20 . 2008-07-03 17:20 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-06-30 21:40 . 2008-06-30 21:40 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-30 21:37 . 2008-07-05 14:46 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-29 02:03 . 2008-07-06 17:54 121 --a------ C:\WINDOWS\bdagent.INI
2008-06-29 01:23 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Bitdefender
2008-06-29 01:22 . 2008-06-29 01:22 <REP> d-------- C:\Program Files\BitDefender
2008-06-29 01:22 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-25 00:31 . 2008-06-25 00:31 250 --a------ C:\WINDOWS\gmer.ini
2008-06-16 15:38 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 15:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 22:27 . 2008-06-16 15:26 109,842 --a------ C:\WINDOWS\BMa7aaf44a.xml
2008-06-15 02:27 . 2008-07-04 00:24 269 --a------ C:\WINDOWS\wininit.ini
2008-06-15 01:05 . 2008-07-06 01:17 <REP> d-------- C:\WINDOWS\system32\RI
2008-06-15 01:05 . 2008-07-06 01:53 <REP> d-------- C:\WINDOWS\system32\cPT
2008-06-15 01:04 . 2008-06-15 03:20 <REP> d-------- C:\WINDOWS\system32\oprt
2008-06-15 01:04 . 2008-06-15 01:04 <REP> d-------- C:\temp\itmp4
2008-06-08 23:22 . 2008-06-12 22:02 <REP> d-------- C:\Program Files\a-squared Anti-Malware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 23:55 --------- d-----w C:\Program Files\Canon
2008-07-05 23:55 --------- d-----w C:\Documents and Settings\ROSELINE GUENO\Application Data\uTorrent
2008-07-03 16:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-16 13:33 --------- d-----w C:\Program Files\eMule
2008-06-16 11:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 23:36 --------- d-----w C:\Program Files\CCleaner
2008-06-02 22:23 --------- d-----w C:\Program Files\Pando Networks
2008-05-17 22:18 --------- d-----w C:\Program Files\uTorrent
2008-05-14 18:02 --------- d-----w C:\Program Files\Neuf
2008-05-14 17:58 --------- d-----w C:\Program Files\MSN Messenger
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-09-09 13:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2008-05-28 18:50 6210888]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-01 22:42 6731312]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-29 01:26 368640]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^ROSELINE GUENO^Menu Démarrer^Programmes^Démarrage^Personal Player.lnk]
path=C:\Documents and Settings\ROSELINE GUENO\Menu Démarrer\Programmes\Démarrage\Personal Player.lnk
backup=C:\WINDOWS\pss\Personal Player.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emule
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"6881:TCP"= 6881:TCP:*:Disabled:Tipiak
"6881:UDP"= 6881:UDP:*:Disabled:Tipiak
"4661:TCP"= 4661:TCP:emule
"4672:TCP"= 4672:TCP:emule
"4661:UDP"= 4661:UDP:emule
"57069:TCP"= 57069:TCP:pando
"57069:UDP"= 57069:UDP:pando
"56065:TCP"= 56065:TCP:pando
"56065:UDP"= 56065:UDP:pando
"61869:TCP"= 61869:TCP:µtorrent
"61869:UDP"= 61869:UDP:µtorrent
"17736:TCP"= 17736:TCP:µtorrent
"17736:UDP"= 17736:UDP:µtorrent
"57464:TCP"= 57464:TCP:Pando P2P TCP Listening Port
"57464:UDP"= 57464:UDP:Pando P2P UDP Listening Port

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - ANIWZCSDSERVICE
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-06 15:48:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"


1000 mercis pour ton aide.
Gunostash

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 927
Windows 5.1.2600 Service Pack 2

21:19:40 2008-07-06
mbam-log-7-6-2008 (21-19-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 96963
Temps écoulé: 45 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Voici le rapport, ça veut dire que tout est OK ?

Bonjour
Pour le glisser déposer, faut-il mettre le cfscript.txt-Bloc-notes dans le ComboFix.txt-Bloc-notes ,peux-tu me détailler ?
Merci

Le rapport du scan doit être uploadé sur Mediafire, comment faire ? Faut-il ouvrir ton lien avant ?

Bonjour
Je t'envoie le rapport.
Merci



ComboFix 08-07-05.1 - 2008-07-08 17:26:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.55 [GMT 2:00]Endroit: C:\Documents and Settings\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bureau\cfscript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\itmp4
C:\temp\itmp4\mkbv4i.log
C:\WINDOWS\system32\cPT
C:\WINDOWS\system32\oprt
C:\WINDOWS\system32\RI
.
---- Previous Run -------
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\aHkQXyay.ini
C:\WINDOWS\system32\aHkQXyay.ini2
C:\WINDOWS\system32\EKTDeMoq.ini
C:\WINDOWS\system32\EKTDeMoq.ini2
C:\WINDOWS\system32\fukgqnvg.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\QYbdcccf.ini
C:\WINDOWS\system32\QYbdcccf.ini2
C:\WINDOWS\system32\tcafjxxo.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.

2008-07-06 17:31 . 2008-07-08 12:55 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:28 . 2008-07-08 12:55 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{F417B992-35A1-4149-AA17-A0A3B5BEA691}
2008-07-06 17:27 . 2008-07-06 17:27 <REP> d-------- C:\Program Files\ANI
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Program Files\D-Link
2008-07-06 17:26 . 2008-07-06 17:26 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\InstallShield
2008-07-06 01:55 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\EPSON
2008-07-06 01:54 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-06 01:17 . 2008-07-06 01:17 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-07-06 01:17 . 2008-07-07 10:38 <REP> d-------- C:\Program Files\Enigma Software Group
2008-07-03 17:57 . 2008-07-03 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-07-03 17:46 . 2008-07-06 01:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-03 17:45 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-07-03 17:45 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-07-03 17:45 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-07-03 17:21 . 2008-07-06 01:33 <REP> d-------- C:\Program Files\epson
2008-07-03 17:21 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-07-03 17:21 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-07-03 17:21 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-07-03 17:20 . 2008-07-03 17:20 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-06-30 21:40 . 2008-06-30 21:40 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-30 21:37 . 2008-07-05 14:46 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{A6101D9F-0E4F-4622-B89F-04FD8BD59B20}
2008-06-29 02:03 . 2008-07-06 18:15 121 --a------ C:\WINDOWS\bdagent.INI
2008-06-29 01:23 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Bitdefender
2008-06-29 01:22 . 2008-06-29 01:22 <REP> d-------- C:\Program Files\BitDefender
2008-06-29 01:22 . 2008-06-29 01:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-25 00:31 . 2008-06-25 00:31 250 --a------ C:\WINDOWS\gmer.ini
2008-06-16 15:38 . 2008-07-06 01:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\ROSELINE GUENO\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-16 15:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 15:38 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 15:38 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-15 22:27 . 2008-06-16 15:26 109,842 --a------ C:\WINDOWS\BMa7aaf44a.xml
2008-06-15 02:27 . 2008-07-04 00:24 269 --a------ C:\WINDOWS\wininit.ini
2008-06-08 23:22 . 2008-06-12 22:02 <REP> d-------- C:\Program Files\a-squared Anti-Malware

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-07 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-07 19:28 --------- d-----w C:\Documents and Settings\ROSELINE GUENO\Application Data\uTorrent
2008-07-06 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 23:55 --------- d-----w C:\Program Files\Canon
2008-07-03 16:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-16 13:33 --------- d-----w C:\Program Files\eMule
2008-06-16 11:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-16 10:53 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-06-16 10:53 2,864 ----a-w C:\WINDOWS\system32\dllcache\winsock.dll
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 23:36 --------- d-----w C:\Program Files\CCleaner
2008-06-02 22:23 --------- d-----w C:\Program Files\Pando Networks
2008-05-17 22:18 --------- d-----w C:\Program Files\uTorrent
2008-05-14 18:02 --------- d-----w C:\Program Files\Neuf
2008-05-14 17:58 --------- d-----w C:\Program Files\MSN Messenger
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-09-09 13:30 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_18.07.11.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 15:55:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 10:52:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-08 10:52:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2008-05-28 18:50 6210888]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 09:43 35328]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^ROSELINE GUENO^Menu Démarrer^Programmes^Démarrage^Personal Player.lnk]
path=C:\Documents and Settings\ROSELINE GUENO\Menu Démarrer\Programmes\Démarrage\Personal Player.lnk
backup=C:\WINDOWS\pss\Personal Player.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4672:UDP"= 4672:UDP:emule
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"6881:TCP"= 6881:TCP:*:Disabled:Tipiak
"6881:UDP"= 6881:UDP:*:Disabled:Tipiak
"4661:TCP"= 4661:TCP:emule
"4672:TCP"= 4672:TCP:emule
"4661:UDP"= 4661:UDP:emule
"57069:TCP"= 57069:TCP:pando
"57069:UDP"= 57069:UDP:pando
"56065:TCP"= 56065:TCP:pando
"56065:UDP"= 56065:UDP:pando
"61869:TCP"= 61869:TCP:µtorrent
"61869:UDP"= 61869:UDP:µtorrent
"17736:TCP"= 17736:TCP:µtorrent
"17736:UDP"= 17736:UDP:µtorrent
"57464:TCP"= 57464:TCP:Pando P2P TCP Listening Port
"57464:UDP"= 57464:UDP:Pando P2P UDP Listening Port

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-08 14:48:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 17:29:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-08 17:33:05
ComboFix-quarantined-files.txt 2008-07-08 15:32:59

Pre-Run: 67,115,782,144 octets libres
Post-Run: 67,107,921,920 octets libres

191 --- E O F --- 2008-06-21 23:13:25

Pour les résidus de Bitdefender et Ccleaner, c'est fait. J'ai supprimé ma vieille version Hijackthis et merci pour la tienne ! Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:31, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ROSELINE GUENO\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SEF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Impossible de t'envoyer le rapport OTMovelt2 ,pourtant j'ai essayé plusieurs fois. Mais Bitdefender (30j gratos) a été installé après l'infection de Virtumonde, Vundo et Malware.trace.Et désinstallé car il ne résolvait pas le problème.
Je t'envoie le rapport Hijackthis quand même...
J'apprécie ton aide, même pour quelqu'un comme moi qui demande tant d'explications .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:05, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ROSELINE GUENO\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SEF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

J'ai fait ce que tu m'as dit, mais je ne trouve rien à envoyer...Ou alors je n'ai pas encore tout compris.
Désolé de te prendre autant de temps ,c'est très sympa de ta part.
Mais je peux déjà te dire que Virtumonde etc ne me gênent plus.

Bonsoir
Grâce à tes indications j'ai trouvé les rapports OTmovelt que je t'envoie:


C:\Program Files\Fichiers communs\BitDefender\Setup Information\{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B} moved successfully.
C:\Program Files\Fichiers communs\BitDefender\Setup Information moved successfully.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator moved successfully.
C:\Program Files\Fichiers communs\BitDefender moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_224907


Folder C:\Program Files\Fichiers communs\BitDefender\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_225419


File/Folder not found.
Folder C:\Program Files\Fichiers communs\BitDefender\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_231302



File/Folder not found.
File/Folder not found.
Folder C:\Program Files\Fichiers communs\BitDefender\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_231939



Faut-il t'envoyer un autre rapport Hijackthis ?
Et dois-je garder sur mon pc les fichiers et les rapports qui ont servi à cette désinfection?
MERCI