Infection et messages VIRUS ALERT!

Bonsoir,
Merci pour ta réponse.
Comme tout a l'air de bien fonctionner maintenant, peux-tu me dire pourquoi tu souhaites que je continue avec un autre soft ?
Je te pose la question parce qu'aucun des liens suivants ne fonctionne :
* BleepingComputer.com (erreur 403 - Forbidden ??? il faut avoir créé un compte sur leur site ?)
* ForoSpyware.com (soft introuvable sur la page HTML)
* GeeksTogo.com (Forbidden You don't have permission to access /ComboFix.exe on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.)
J'ai que Firefox 3, pas IE, mais je ne pense pas que ça change grand chose...
Merci.

Oui, mais Malwarebytes' Anti-Malware l'a détecté et en principe corrigé, d'après le rapport, non ?
J'insiste car aucun des liens de téléchargement ne fonctionne.
En regardant d'autres posts, il semble que cet outil a été plusieurs fois retiré du téléchargement car infecté, obsolète temporairement, ou considéré trop délicat à utiliser.
Peux-tu m'en dire plus, et me dire où je peux le récupérer si ça te semble nécessaire ?
Encore merci.

Ben oui, j'ai fait la quarantine dans Malware.
C'est pas ce que je te demande, jusqu'à maintenant, j'ai fait ce que tu m'as dis...
J'ai cliqué sur ton lien de Combofix, ça marche pas : erreur 403 (page vide)
Je veux bien faire ce que tu me suggère, sauf que les liens que je t'ai indiqués ne marchent pas.
Liens trouvé sur la page http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
<li><a href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" class="goodurl">BleepingComputer.com</a></li>
<li><a href="https://forospyware.com" rel="nofollow" class="goodurl">ForoSpyware.com</a></li>
<li><a href="http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/" rel="nofollow" class="goodurl">GeeksTogo.com</a></li>

Que voici : tu avais raison (une fois de plus), il y avait encore des fichiers nuisibles apparemment. Est-ce que c'est bon maintenant selon toi ?
Dans le Hijack This, les deux lignes suivantes m'étonnent un peu :
- O2 - BHO: (no name) - {A13C2361-1675-4227-9A8E-EDCC03D0C82E} - C:\WINDOWS\system32\mlJAtSjh.dll (file missing)
- O20 - AppInit_DLLs: uouaya.dll
Merci.

----------------------------------------------------------------------------------------------------------------------------------------------------------
SDFix
----------------------------------------------------------------------------------------------------------------------------------------------------------
[b]SDFix: Version 1.237 [/b]
Run by pascal on 23/10/2008 at 00:00

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\pascal\Favoris\Malware Defender.url - Deleted
C:\Documents and Settings\pascal\Favoris\Protect Your Privacy.url - Deleted
C:\Documents and Settings\pascal\Favoris\System Error Fixer.url - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\pascal\LOCALS~1\Temp\windfr.exe.bat - Deleted

Removing Temp Files

[b]ADS Check [/b]:
[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 00:04:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Utils\\eMule\\emule.exe"="C:\\Utils\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Jeux\\STALKER\\bin\\XR_3DA.exe"="C:\\Jeux\\STALKER\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Jeux\\STALKER\\bin\\dedicated\\XR_3DA.exe"="C:\\Jeux\\STALKER\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 14 Apr 2008 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Utils\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Utils\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Utils\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Utils\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]

----------------------------------------------------------------------------------------------------------------------------------------------------------
Hijack This
----------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Utils\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Utils\SPAMfighter\SFAgent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Utils\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {42AE1DA1-FF60-4435-A81F-9B6538F865A6} - (no file)
O2 - BHO: (no name) - {4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} - (no file)
O2 - BHO: (no name) - {A13C2361-1675-4227-9A8E-EDCC03D0C82E} - C:\WINDOWS\system32\mlJAtSjh.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Utils\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: uouaya.dll
O20 - Winlogon Notify: awtqoLbc - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Utils\SPAMfighter\sfus.exe

Voici le rapport...
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1304
Windows 5.1.2600 Service Pack 3

23/10/2008 01:35:38
mbam-log-2008-10-23 (01-35-38).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 146994
Temps écoulé: 28 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0003445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0003446.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0003447.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0003448.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Encore un log de CF cette fois-ci : c'est bon pour toi ?
Bonne nuit.
Merci encore de ton aide.

ComboFix 08-10-22.02 - pascal 2008-10-23 2:17:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2486 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\pascal\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hjStAJlm.ini
C:\WINDOWS\system32\hjStAJlm.ini2
C:\WINDOWS\system32\uonunece.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.

2008-10-23 00:18 . 2008-10-23 00:18 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Windows Search
2008-10-22 23:58 . 2008-10-22 23:59 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-22 23:48 . 2008-10-23 00:09 <REP> d-------- C:\SDFix
2008-10-22 23:48 . 2008-10-22 23:48 1,554,567 --a------ C:\Temp\SDFix.exe
2008-10-22 23:37 . 2008-10-22 23:37 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-10-22 23:37 . 2008-10-22 23:37 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Windows Desktop Search
2008-10-22 23:36 . 2008-10-22 23:36 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-22 23:35 . 2008-10-22 23:35 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-10-22 23:35 . 2008-10-22 23:36 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-10-22 23:04 . 2008-10-22 23:16 918 --a------ C:\WINDOWS\CDPLAYER.INI
2008-10-22 04:07 . 2008-10-22 04:07 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Malwarebytes
2008-10-22 04:07 . 2008-10-22 04:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 04:07 . 2008-10-22 04:07 2,351,120 --a------ C:\Temp\mbam-setup.exe
2008-10-22 04:07 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 04:07 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 04:00 . 2008-10-22 04:00 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-22 03:10 . 2008-10-22 03:10 812,344 --a------ C:\Temp\HJTInstall.exe
2008-10-22 02:42 . 2008-10-22 02:42 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-22 02:19 . 2005-01-20 13:47 175,616 --a------ C:\WINDOWS\system32\strings.exe
2008-10-22 02:19 . 2006-03-02 23:42 73,728 --a------ C:\WINDOWS\system32\pv.exe
2008-10-22 02:19 . 2005-01-13 21:41 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2008-10-22 02:19 . 2005-10-19 18:50 16,384 --a------ C:\WINDOWS\system32\restart.exe
2008-10-22 02:19 . 2005-01-13 21:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-10-22 02:18 . 2008-10-22 02:18 <REP> d-------- C:\Temp\l2mfix
2008-10-22 02:18 . 2008-10-22 02:18 350,891 --a------ C:\Temp\l2mfix.exe
2008-10-22 02:05 . 2008-10-22 02:11 2,980 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 02:04 . 2008-10-22 02:11 <REP> d-------- C:\Temp\SmitfraudFix
2008-10-22 02:03 . 2008-10-22 02:04 1,599,060 --a------ C:\Temp\SmitfraudFix.zip
2008-10-22 01:47 . 2008-10-22 01:47 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-10-22 01:47 . 2008-10-22 01:47 86 --a------ C:\WINDOWS\wininit.ini
2008-10-22 01:34 . 2008-10-22 01:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-22 01:32 . 2008-10-22 01:33 15,083,520 --a------ C:\Temp\spybotsd160.exe
2008-10-22 01:30 . 2008-10-23 02:21 13,588 --a------ C:\WINDOWS\system32\wpa.dbl
2008-10-22 00:50 . 2008-10-11 21:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-22 00:50 . 2008-10-11 21:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-22 00:50 . 2008-10-11 20:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-22 00:50 . 2008-10-11 21:22 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-22 00:50 . 2008-10-11 21:22 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-22 00:50 . 2008-10-11 21:22 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-22 00:50 . 2008-10-11 21:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-22 00:50 . 2008-10-22 00:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 22:17 . 2008-10-22 00:41 <REP> d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-10-21 22:17 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-10-19 21:43 . 2008-10-19 21:43 <REP> d-------- C:\Documents and Settings\pascal\Application Data\dvdcss
2008-10-19 21:41 . 2008-05-06 08:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-10-19 21:41 . 2008-05-06 08:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-10-19 16:07 . 2008-10-21 21:42 <REP> d-------- C:\Documents and Settings\pascal\Application Data\Canon
2008-10-18 14:58 . 2008-10-08 13:43 20,120 --a------ C:\WINDOWS\system32\dopdfmn6.dll
2008-10-18 14:58 . 2008-10-08 13:43 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll
2008-10-18 14:58 . 2008-09-08 12:44 7,481 --a------ C:\WINDOWS\system32\dopdf6.ctm
2008-10-16 22:21 . 2008-10-16 22:21 <REP> d-------- C:\Program Files\Windows Resource Kits
2008-10-16 21:41 . 2008-10-16 21:50 <REP> d-------- C:\Documents and Settings\pascal\dwhelper
2008-10-16 21:32 . 2008-10-16 21:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-16 21:04 . 2008-10-16 21:04 <REP> d--h----- C:\BJPrinter
2008-10-16 21:03 . 2004-08-16 22:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6z.DLL
2008-10-16 21:03 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 21:03 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-16 21:03 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-16 21:03 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-16 21:03 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-16 21:03 . 2008-04-13 11:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-16 21:03 . 2004-08-16 22:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6z.DLL
2008-10-16 21:02 . 2008-10-16 21:02 <REP> d-------- C:\Program Files\NewSoft
2008-10-16 21:02 . 2008-10-16 21:02 <REP> d-------- C:\Documents and Settings\pascal\WINDOWS
2008-10-16 21:02 . 2008-10-16 21:02 <REP> d-------- C:\Documents and Settings\pascal\Application Data\NewSoft
2008-10-16 21:01 . 2008-10-16 21:01 <REP> d-------- C:\Program Files\ScanSoft
2008-10-16 21:01 . 2008-10-16 21:01 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-10-16 21:01 . 2008-10-16 21:01 <REP> d-------- C:\Documents and Settings\pascal\Application Data\ScanSoft
2008-10-16 21:01 . 2008-10-16 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-10-16 21:01 . 2008-10-16 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-10-16 21:01 . 2008-10-16 21:01 532 --a------ C:\WINDOWS\MAXLINK.INI
2008-10-16 20:59 . 2008-10-16 20:59 <REP> d-------- C:\WINDOWS\StartHtmico
2008-10-16 20:59 . 2008-10-16 20:59 <REP> d-------- C:\WINDOWS\MP780,750
2008-10-16 01:14 . 2008-10-16 01:18 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-16 00:51 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-10-16 00:51 . 2008-10-19 11:20 385 --a------ C:\WINDOWS\ODBC.INI
2008-10-16 00:50 . 2008-10-16 00:51 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-10-16 00:50 . 2008-10-16 00:50 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-16 00:50 . 2008-10-16 00:50 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-16 00:36 . 2008-10-16 00:36 <REP> d-------- C:\Program Files\Microsoft Référence
2008-10-16 00:36 . 2008-10-16 00:36 1,409 --a------ C:\WINDOWS\system\BSSYM5.FOT
2008-10-16 00:36 . 2008-10-16 00:36 1,409 --a------ C:\WINDOWS\system\BSSYM4.FOT
2008-10-16 00:36 . 2008-10-16 00:36 1,409 --a------ C:\WINDOWS\system\BSSYM3.FOT
2008-10-16 00:36 . 2008-10-16 00:36 1,409 --a------ C:\WINDOWS\system\BSSYM2.FOT
2008-10-16 00:36 . 2008-10-16 00:36 1,409 --a------ C:\WINDOWS\system\BSSYM1.FOT
2008-10-15 20:51 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:51 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 23:33 . 2008-10-14 23:33 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-14 22:40 . 2008-10-21 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-12 23:26 . 2008-10-21 22:26 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-12 22:48 . 2008-10-12 22:49 <REP> d-------- C:\Documents and Settings\sophie\Application Data\SPAMfighter
2008-10-12 22:48 . 2008-10-12 22:48 <REP> d-------- C:\Documents and Settings\sophie\Application Data\ATI
2008-10-12 22:31 . 2008-10-12 22:31 <REP> d-------- C:\Program Files\Fichiers communs\Application
2008-10-12 22:31 . 2008-10-12 22:31 <REP> d-------- C:\Documents and Settings\pascal\Application Data\SPAMfighter
2008-10-12 22:06 . 2008-10-12 22:06 <REP> d-------- C:\WINDOWS\FLV Player
2008-10-12 22:06 . 2008-10-12 22:06 266,293 --a------ C:\WINDOWS\system32\temp.000
2008-10-12 22:06 . 2008-10-12 22:06 40,960 --a------ C:\WINDOWS\system32\LView Pro Photo Screen Saver.scr
2008-10-12 22:03 . 2008-10-12 22:02 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-10-12 22:00 . 2008-10-12 22:00 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-10-12 22:00 . 2008-10-12 22:00 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2008-10-12 21:59 . 2008-10-12 21:59 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-10-12 21:59 . 2008-10-12 21:59 <REP> d-------- C:\Program Files\Ahead
2008-10-12 21:59 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-10-12 21:59 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-10-12 21:59 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-10-12 21:59 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-10-12 21:59 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-10-12 21:59 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-10-12 21:59 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-10-12 21:57 . 2008-10-12 21:59 1,570,816 --a------ C:\Documents and Settings\pascal\Application Data\tsdnwin.dll
2008-10-12 21:56 . 2008-10-12 21:56 <REP> d-------- C:\Program Files\SAMSUNG
2008-10-12 21:30 . 2008-10-12 21:30 <REP> d-------- C:\Program Files\Multimedia Card Reader
2008-10-12 14:38 . 2008-10-12 14:38 <REP> d-------- C:\Program Files\MSXML 4.0
2008-10-12 14:27 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-12 14:27 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-12 14:23 . 2008-10-12 14:23 <REP> d---s---- C:\Documents and Settings\pascal\UserData
2008-10-12 14:23 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-12 14:23 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-12 14:23 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-12 14:23 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-12 14:23 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-12 14:22 . 2007-09-27 10:47 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-12 12:25 . 2008-10-12 12:25 <REP> d-------- C:\Program Files\Network Associates

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-12 09:25 155,995 ----a-w C:\WINDOWS\java\Packages\ISHJDRZ5.ZIP
2008-10-11 20:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-10-11 19:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-11 19:42 --------- d-----w C:\Program Files\Realtek
2008-10-11 18:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-11 18:23 --------- d-----w C:\Program Files\Services en ligne
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SPAMfighter Agent"="C:\Utils\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 729088]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uouaya.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Utils\\eMule\\emule.exe"=
"C:\\Jeux\\STALKER\\bin\\XR_3DA.exe"=
"C:\\Jeux\\STALKER\\bin\\dedicated\\XR_3DA.exe"=

R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Utils\SPAMfighter\sfus.exe [2008-09-22 184968]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - (no file)
BHO-{4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} - (no file)
BHO-{A13C2361-1675-4227-9A8E-EDCC03D0C82E} - C:\WINDOWS\system32\mlJAtSjh.dll
ShellExecuteHooks-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - (no file)
Notify-awtqoLbc - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\pascal\Application Data\Mozilla\Firefox\Profiles\rgnqbypv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://video.mytaratata.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 02:21:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 2:22:48 - La machine a redémarré [pascal]
ComboFix-quarantined-files.txt 2008-10-23 00:22:45

Avant-CF: 175,098,458,112 octets libres
Après-CF: 175,087,730,688 octets libres

240 --- E O F --- 2008-10-15 19:08:47

Le voici.
Qu'en penses-tu ?

Désolé, le copier-coller a foiré. Le voici :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Utils\SPAMfighter\SFAgent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Utils\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Utils\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {42AE1DA1-FF60-4435-A81F-9B6538F865A6} - (no file)
O2 - BHO: (no name) - {4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} - (no file)
O2 - BHO: (no name) - {A13C2361-1675-4227-9A8E-EDCC03D0C82E} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Utils\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: uouaya.dll
O20 - Winlogon Notify: awtqoLbc - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Utils\SPAMfighter\sfus.exe

VICTOIRE !!!!!!!!!!!!!
Cette fois, c'est bon. Pour moi, l'incident est clos, grâce à ton aide experte.
Mille mercis à toi.
Bonne soirée.

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1304
Windows 5.1.2600 Service Pack 3

23/10/2008 22:47:52
mbam-log-2008-10-23 (22-47-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 146197
Temps écoulé: 26 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Salut,
Comme tu voudras, le voici.
Je quitte, et je pars en vacances, j'espère qu'il n'y a plus de manips à faire.
Merci à toi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Utils\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Utils\SPAMfighter\SFAgent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Utils\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {42AE1DA1-FF60-4435-A81F-9B6538F865A6} - (no file)
O2 - BHO: (no name) - {4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utils\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A13C2361-1675-4227-9A8E-EDCC03D0C82E} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Utils\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utils\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Utils\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Utils\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: uouaya.dll
O20 - Winlogon Notify: awtqoLbc - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Utils\SPAMfighter\sfus.exe

Salut,
J'ai répondu ci-dessous.
Merci !

Voici le rapport.
A priori, plus de soucis sur ma machine après redémarrage.
Un grand merci à toi donc pour ton aide !!!

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1304
Windows 5.1.2600 Service Pack 3

22/10/2008 08:13:43
mbam-log-2008-10-22 (08-13-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 147279
Temps écoulé: 2 hour(s), 44 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqolbc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42ae1da1-ff60-4435-a81f-9b6538f865a6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4acfdf28-c07c-4b2a-ab71-d6c3c90f3dcf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bkqxdons.blkb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bkqxdons.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TotalSecure2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\awtqoLbc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uouaya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temporary Internet Files\Content.IE5\8SZSH9NL\CAYRA7M1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temporary Internet Files\Content.IE5\9U23G0QU\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temporary Internet Files\Content.IE5\EQ17X0OP\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temporary Internet Files\Content.IE5\WA1V9B9M\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1078081533-963894560-682003330-500\Dc2.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1078081533-963894560-682003330-500\Dc3.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1078081533-963894560-682003330-500\Dc5.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0002285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0002286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0002295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95B04B44-25D0-4118-AA11-E59DFE14CDFD}\RP45\A0003351.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\emfw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Application Data\TmpRecentIcons\Total Secure 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\pascal\Local Settings\Temp\pwrmgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.