My PC is infected
shadow-san
-
shadowkillercombohit@hotmail.fr -
Good evening everyone, could I get some help from you? My PC has been infected by trojans since yesterday.
I ran a scan with Avast, then an online BitDefender scan, and secuser.com.
Nothing works, except that it detects viruses and deletes them, but this damned virus is still there.
I also ran a Spybot scan; it detected and removed some spyware.
And here we go again, and again.
The symptoms: ads saying your PC is infected by a trojan downloader, ads about a damaged registry, etc.
Right now I'm trying a trial version of Kaspersky, and it tells me that some infected files cannot be deleted because they are password-protected. It's the first time I've seen a virus that is impossible to remove because of passwords, or maybe I'm mistaken and it has nothing to do with the infected files.
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:13, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob\whqvknwd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ilezktwb.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\HiJackThis.exe
C:\WINDOWS\system32\ilezktwb.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [taivqioq] C:\WINDOWS\system32\ilezktwb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [vfilnqbr] C:\WINDOWS\system32\fgxcxqbq.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [ia6bH01sW5] C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob\whqvknwd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d?nti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
20 replies
I don't know if this will help you, but rather than trying to delete them, put them in quarantine, still using Avast.
With Avast, it can't manage to scan certain sectors; it's the first time it hasn't done its job.
Hi,
Try deleting this file, probably in safe mode:
C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob\whqvknwd.exe
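Why someone reading this log would single out that path, as an added example that is not part of the original thread: the script parses the O4 (autostart) lines of a HijackThis log and lists the entries where at least two weak signals coincide. The signal set, the threshold and all function names are assumptions made for this illustration; a hit is a lead for manual review, not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Excerpt of the HijackThis log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [taivqioq] C:\WINDOWS\system32\ilezktwb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [vfilnqbr] C:\WINDOWS\system32\fgxcxqbq.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [ia6bH01sW5] C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob\whqvknwd.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|bat|cmd|scr|com)\b)', re.IGNORECASE)
VOWELS = set("aeiouy")


class AutorunEntry(NamedTuple):
    key: str   # registry key as abbreviated by HijackThis, e.g. HKCU\..\Run
    name: str  # registry value name (the text in square brackets)
    path: str  # executable the value launches


def parse_o4(log: str) -> List[AutorunEntry]:
    """Extract the O4 (registry autostart) entries from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # not an O4 line (R0/R1, O2, O23, process list, ...)
        cmd = m.group("cmd")
        exe = EXE_PATH.match(cmd)
        # Fall back to the first token for commands without a file extension.
        path = exe.group("path") if exe else cmd.split()[0]
        entries.append(AutorunEntry(m.group("key"), m.group("name"), path))
    return entries


def looks_random(token: str) -> bool:
    """Assumed heuristic: a 6+ character alphanumeric token with no vowels,
    a run of 5+ consonants, or 3+ switches between letters and digits."""
    if len(token) < 6 or not token.isalnum():
        return False
    low = token.lower()
    letters = [c for c in low if c.isalpha()]
    if letters and not any(c in VOWELS for c in letters):
        return True
    if re.search(r"[b-df-hj-np-tv-xz]{5,}", low):
        return True
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(low, low[1:]))
    return switches >= 3


def signals(entry: AutorunEntry) -> List[str]:
    """Return the weak signals (assumptions of this example) that apply to one entry."""
    reasons = []
    stem = ntpath.splitext(ntpath.basename(entry.path))[0]
    parts = [p.lower() for p in entry.path.split("\\")]
    if looks_random(entry.name):
        reasons.append("random-looking value name")
    if looks_random(stem):
        reasons.append("random-looking file name")
    # Many legitimate autoruns live in system32 (ctfmon.exe), so this alone proves nothing.
    if parts[-2:-1] == ["system32"] or "application data" in parts:
        reasons.append("binary in system32 or Application Data")
    if entry.key.lower().endswith("policies\\explorer\\run"):
        reasons.append("Policies\\Explorer\\Run autostart key")
    return reasons


def triage(log: str, threshold: int = 2) -> List[Tuple[AutorunEntry, List[str]]]:
    """List the entries on which at least `threshold` signals coincide."""
    hits = []
    for entry in parse_o4(log):
        reasons = signals(entry)
        if len(reasons) >= threshold:
            hits.append((entry, reasons))
    return hits


def flagged_files(log: str) -> List[str]:
    """File names of the entries that triage() selects, in log order."""
    return [ntpath.basename(entry.path) for entry, _ in triage(log)]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.key} [{entry.name}] -> {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```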
Hello,
Download SDFix (by Andy Manchesta): http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Save it to your desktop.
Run it.
Choose Install so that it can extract itself.
Reboot into safe mode.
/!\ Never boot into safe mode via MSCONFIG /!\
Open the SDFix folder that has just been created in C:\
Double-click RunThis.bat. (The .bat extension may not be shown.)
Press Y to start it.
You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your desktop appears, it will display Finished.
Press a key.
A report is generated; post it in your reply.
It can also be found in the folder SDFix >Repor
OK thanks, it doesn't conflict with other antivirus programs, I imagine,
otherwise you would have... should I uninstall my antivirus?
OK, it was just a question,
because as far as I know you can't put two antivirus programs on the same PC,
so SDFix is not an antivirus, it's just a file disinfector.
Sorry if I expressed myself badly.
http://mickael.barroux.free.fr/securite/sdfix.php
Here is the SDFix link.
So much for trust.
You shouldn't post a HijackThis log if you refuse to be helped.
Here is my SDFix report:
[b]SDFix: Version 1.166 [/b]
Run by Administrateur on 04/04/2008 at 21:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\PROGRA~1\ROCKST~1\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\fkdnrwsv.dll - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 22:06:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cf,0d,75,7d,28,2b,56,11,93,a0,30,1e,b7,b7,81,e6,57,38,ae,f1,4a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,69,e8,cc,ee,a3,ff,80,a1,14,68,f4,5f,fd,f8,b5,47,..
"khjeh"=hex:f8,e5,a1,4a,00,85,6e,41,99,c8,7a,6c,a3,d2,cf,10,c5,86,e2,30,d1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:93,94,a4,ec,8b,b1,58,d5,e1,8e,59,ec,3d,ce,95,15,8e,b5,55,f3,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cf,0d,75,7d,28,2b,56,11,93,a0,30,1e,b7,b7,81,e6,57,38,ae,f1,4a,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,69,e8,cc,ee,a3,ff,80,a1,14,68,f4,5f,fd,f8,b5,47,..
"khjeh"=hex:f8,e5,a1,4a,00,85,6e,41,99,c8,7a,6c,a3,d2,cf,10,c5,86,e2,30,d1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:93,94,a4,ec,8b,b1,58,d5,e1,8e,59,ec,3d,ce,95,15,8e,b5,55,f3,01,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="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"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"="C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe:*:Enabled:GameVindicator"
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"="C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE:*:Enabled:OR2006C2C"
"C:\\Program Files\\SFO\\SFO_fullscreen.exe"="C:\\Program Files\\SFO\\SFO_fullscreen.exe:*:Enabled:SFO_fullscreen"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\SFO\\SFO_smallwindow.exe"="C:\\Program Files\\SFO\\SFO_smallwindow.exe:*:Enabled:SFO_smallwindow"
"C:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"="C:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe:*:Enabled:Halo 2"
"C:\\Program Files\\Street Fighter Online\\SFO_fullscreen.exe"="C:\\Program Files\\Street Fighter Online\\SFO_fullscreen.exe:*:Enabled:SFO_fullscreen"
"C:\\Program Files\\GGPO Client\\ggpoClient.exe"="C:\\Program Files\\GGPO Client\\ggpoClient.exe:*:Enabled:ggpoClient"
"C:\\Documents and Settings\\Administrateur.4CDEA9EC3B764F8\\Bureau\\Mame++117_Emuline_Pack\\Mame++117_Emuline_Pack\\neocpsmameppkgui.exe"="C:\\Documents and Settings\\Administrateur.4CDEA9EC3B764F8\\Bureau\\Mame++117_Emuline_Pack\\Mame++117_Emuline_Pack\\neocpsmameppkgui.exe:*:Enabled:Multiple Arcade Machine Emulator"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SFO\\SFO_vista.exe"="C:\\Program Files\\SFO\\SFO_vista.exe:*:Enabled:SFO_vista"
"C:\\Program Files\\Bid For Power\\quake3.exe"="C:\\Program Files\\Bid For Power\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\kav\\kis7.0\\french\\setup.exe"="C:\\kav\\kis7.0\\french\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\PROGRA~1\ROCKST~1\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 2 Mar 2008 24 ..SH. --- "C:\WINDOWS\S9EE652AA.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 24 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 17 Oct 2005 0 A..H. --- "C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\Mon archive 23-03-08\Grandmaster mugen\Grandmaster mugen\chars\yashiro ultrarox\readme\images\Sav2F9.tmp"
[b]Finished![/b]
Thanks again
"C:\\Program Files\\Street Fighter Online\\SFO_fullscreen.exe"="C:\\Program Files\\Street Fighter Online\\SFO_fullscreen.exe:*:Enabled:SFO_fullscreen"
"C:\\Program Files\\GGPO Client\\ggpoClient.exe"="C:\\Program Files\\GGPO Client\\ggpoClient.exe:*:Enabled:ggpoClient"
"C:\\Documents and Settings\\Administrateur.4CDEA9EC3B764F8\\Bureau\\Mame++117_Emuline_Pack\\Mame++117_Emuline_Pack\\neocpsmameppkgui.exe"="C:\\Documents and Settings\\Administrateur.4CDEA9EC3B764F8\\Bureau\\Mame++117_Emuline_Pack\\Mame++117_Emuline_Pack\\neocpsmameppkgui.exe:*:Enabled:Multiple Arcade Machine Emulator"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SFO\\SFO_vista.exe"="C:\\Program Files\\SFO\\SFO_vista.exe:*:Enabled:SFO_vista"
"C:\\Program Files\\Bid For Power\\quake3.exe"="C:\\Program Files\\Bid For Power\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\kav\\kis7.0\\french\\setup.exe"="C:\\kav\\kis7.0\\french\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\PROGRA~1\ROCKST~1\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 2 Mar 2008 24 ..SH. --- "C:\WINDOWS\S9EE652AA.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 24 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 17 Oct 2005 0 A..H. --- "C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\Mon archive 23-03-08\Grandmaster mugen\Grandmaster mugen\chars\yashiro ultrarox\readme\images\Sav2F9.tmp"
[b]Finished![/b]
Thanks again.
It seems to be working: no more unwanted pop-up windows, and the PC is faster,
except that some services no longer work; I'm going to try reinstalling with SP2.
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:51, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d?nti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
Hello again, shadow-san,
Let's continue.
Disable your resident protections (antivirus, Spybot...)!
# Download ComboFix (sUBs) to your Desktop. http://download.bleepingcomputer.com/sUBs/ComboFix.exe
# Double-click combofix.exe to launch it.
# Press the 1 key (Yes) to start the scan.
# When the scan is complete, a report will appear. Post that report in your next reply
along with another HijackThis log. We're almost done.
Hello again, here is the ComboFix report:
ComboFix 08-04-04.1 - Administrateur 2008-04-05 17:26:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.378 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaublackbird.jpg
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufilemanagerclient.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufwebd.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauFWebdEditor.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureauvirii
C:\Program Files\PS TO USB CONVERTOR\CnsMin5.ico
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\eaeacbfeac8_g.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.
2008-04-05 16:52 . 2004-08-19 17:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-05 16:42 . 2004-08-19 16:09 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-04-05 16:31 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]00001_.tmp
2008-04-05 16:29 . 2008-04-05 16:43 <REP> d-------- C:\WINDOWS\EHome
2008-04-05 09:25 . 2008-04-05 09:25 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-05 07:26 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-05 07:25 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-05 07:25 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-04 22:59 . 2008-04-04 22:59 <REP> d-------- C:\Program Files\RegSupreme
2008-04-04 22:59 . 2008-04-04 22:59 23 --a------ C:\WINDOWS\system32\fefdebc4_g.ocx
2008-04-04 21:50 . 2008-04-04 21:50 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 21:44 . 2008-04-04 21:44 <REP> d-------- C:\Program Files\Rockstar games
2008-04-04 17:04 . 2008-04-04 17:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-04 17:04 . 2008-04-04 17:04 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-04 17:03 . 2008-04-04 17:03 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:30 3,625,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 17:03 . 2008-04-05 17:30 89,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 17:03 . 2008-04-05 17:10 50,996 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 17:03 . 2008-04-05 17:10 9,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 16:58 . 2008-04-04 16:58 <REP> d-------- C:\kav
2008-04-04 16:04 . 2008-04-04 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Fichiers communs\Webroot Shared
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Webroot
2008-04-04 07:12 . 2007-11-26 14:50 196,424 --a------ C:\WINDOWS\Unwash6.exe
2008-04-03 19:38 . 2008-04-03 19:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:54 . 2008-04-03 16:56 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\PC-Cleaner
2008-04-03 16:21 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\report
2008-04-03 16:21 . 2008-04-03 16:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-03 16:21 . 2008-04-03 16:21 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-03 16:21 . 2008-04-05 07:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-03 16:21 . 2008-04-03 16:21 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-03 16:21 . 2008-04-05 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-03 16:21 . 2008-04-03 16:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-03 16:21 . 2008-04-05 07:26 823 --a------ C:\WINDOWS\tsc.ini
2008-04-03 16:20 . 2008-04-03 16:20 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-03 16:20 . 2008-04-05 07:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-03 16:19 . 2008-04-03 16:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-03 16:19 . 2008-04-03 16:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-03 16:19 . 2008-04-03 16:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-03 14:21 . 2008-04-04 21:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob
2008-04-02 18:14 . 2008-04-02 18:14 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SystemRequirementsLab
2008-03-30 19:16 . 2008-03-31 19:04 <REP> d-------- C:\Downloads
2008-03-30 19:12 . 2008-04-03 14:05 <REP> d-------- C:\Program Files\FlashGet
2008-03-30 16:38 . 2008-03-30 16:39 <REP> d-------- C:\Program Files\Far Cry
2008-03-30 16:20 . 2008-03-30 16:20 <REP> d-------- C:\Program Files\AZR
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmpD7D16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp39C16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp2CC16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp1FC16.FOT
2008-03-30 07:52 . 2008-03-30 07:52 0 --a------ C:\WINDOWS\exctrlst.INI
2008-03-30 07:48 . 2008-03-30 07:48 <REP> d-------- C:\Program Files\Resource Kit
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpB976A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpAC76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp9F76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp5886A.FOT
2008-03-29 16:38 . 2008-03-29 19:46 <REP> d-------- C:\Program Files\Bid For Power
2008-03-25 21:31 . 2008-03-25 21:39 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Hide IP NG
2008-03-25 08:12 . 2008-04-05 17:11 103,437 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\WINDOWS\system32\Futuremark
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\Program Files\Fichiers communs\Futuremark Shared
2008-03-24 23:04 . 2007-10-11 12:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-24 19:43 . 2008-04-05 11:05 <REP> d-------- C:\WINDOWS\system32\oodag
2008-03-24 19:42 . 2008-03-24 19:42 0 --a------ C:\WINDOWS\oodcnt.INI
2008-03-24 19:38 . 2008-03-24 19:38 <REP> d-------- C:\Program Files\OO Software
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmpFE5E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp5F4E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp335E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp265E8.FOT
2008-03-24 17:55 . 2008-04-05 11:24 <REP> d-------- C:\WINDOWS\system32\Macromed
2008-03-24 17:38 . 1996-03-21 12:58 111,616 --------- C:\WINDOWS\system32\DINO2D.DLL
2008-03-24 17:38 . 1996-03-21 12:45 98,304 --------- C:\WINDOWS\system32\DMIX.DLL
2008-03-24 17:38 . 1996-10-31 03:00 32,768 --------- C:\WINDOWS\SCUNINST.EXE
2008-03-24 17:38 . 1996-10-31 03:00 30,720 --------- C:\WINDOWS\SCUSSMPL.DLL
2008-03-24 17:38 . 1996-10-31 03:00 22,528 --------- C:\WINDOWS\MsgV2US.DLL
2008-03-24 16:26 . 2008-03-24 16:26 <REP> d-------- C:\WINDOWS\$regcmp$
2008-03-24 15:44 . 2008-03-24 15:54 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmpF35A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp544A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp384A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp2B4A0.FOT
2008-03-24 08:53 . 2008-04-03 18:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 00:27 . 2008-03-24 00:27 <REP> d-------- C:\Program Files\gs
2008-03-24 00:25 . 2008-03-24 00:36 <REP> d-------- C:\Program Files\GameEx
2008-03-23 23:20 . 2008-03-23 23:20 6,688 --a------ C:\WINDOWS\movexe.exe
2008-03-23 23:19 . 2008-03-23 23:20 <REP> d-------- C:\Program Files\Tamagotchi Simulator
2008-03-23 23:12 . 1994-12-06 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpB9185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpAB185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp9E185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp67285.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmpBB73A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp8383A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp6883A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp0793A.FOT
2008-03-22 22:39 . 2008-03-22 23:17 349 --a------ C:\WINDOWS\n02.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 15:30 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
2008-04-04 14:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-03 17:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-03 17:35 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-31 16:58 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Azureus
2008-03-30 09:19 --------- d-----w C:\Program Files\inKline Global
2008-03-25 17:49 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\OpenOffice.org2
2008-03-24 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 14:16 19,728 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-21 18:00 24,976 -c--a-w C:\WINDOWS\twain_16.dll
2008-03-19 15:19 --------- d-----w C:\Program Files\Google
2008-03-18 17:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-17 07:02 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2008-03-16 16:14 --------- d-----w C:\Program Files\Sega
2008-03-15 19:16 --------- d-----w C:\Program Files\Java
2008-03-09 14:58 --------- d-----w C:\Program Files\Azureus
2008-03-07 22:14 --------- d-----w C:\Program Files\ma-config.com
2008-03-02 16:05 --------- d-----w C:\Program Files\adslTV
2008-03-02 14:20 --------- d-----w C:\Program Files\StepMania
2008-03-02 12:27 --------- d-----w C:\Program Files\SlySoft
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\CCleanup
2008-02-29 22:48 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-29 21:31 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-02-29 20:47 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 16:09 --------- d-----w C:\Program Files\Foxit Software
2008-02-29 15:58 --------- d-----w C:\Program Files\Investintech.com Inc
2008-02-29 14:44 --------- d-----w C:\Program Files\HP
2008-02-29 14:40 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-02-29 14:37 --------- d---a-w C:\Program Files\Hewlett-Packard
2008-02-29 14:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-02-29 12:55 --------- d-----w C:\Program Files\SFO Xpress
2008-02-29 08:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-28 12:24 --------- d-----w C:\Program Files\CCleaner
2008-02-28 09:45 230,152 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-02-27 14:37 --------- d-----w C:\Program Files\Occtpt
2008-02-27 14:18 --------- d-----w C:\Program Files\DivX
2008-02-27 10:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-02-27 10:20 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Microsoft Game Studios
2008-02-27 10:07 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:38 4,484 ----a-w C:\WINDOWS\system32\drivers\cpuidlep.sys
2008-02-25 20:38 --------- d-----w C:\Program Files\CpuIdle
2008-02-25 19:02 2,031 ----a-w C:\Program Files\uninstal.log
2008-02-25 07:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-25 07:09 --------- d-----r C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SecuROM
2008-02-24 11:04 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\TuneUp Software
2008-02-24 11:03 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 11:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-02-22 14:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-02-22 13:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-21 18:27 --------- d-----w C:\Program Files\Neuf
2008-02-21 16:40 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 16:40 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\DAEMON Tools
2008-02-21 09:22 --------- d-----w C:\Program Files\CAPCOM
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 12:20 --------- d-----w C:\Program Files\Ad-Aware
2008-02-20 12:17 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Lavasoft
2008-02-20 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-02-20 11:41 164 ----a-w C:\install.dat
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\MSN6
2008-02-20 09:14 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\AlertPing
2008-02-19 19:50 --------- d-----w C:\Program Files\WebAnim Gif
2008-02-19 17:37 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SEGA
2008-02-19 14:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\vlc
2008-02-19 13:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-19 10:41 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Nero
2008-02-19 05:43 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Media Player Classic
2008-02-18 20:54 --------- d-----w C:\Program Files\Windows Live
2008-02-18 20:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-18 20:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-02-18 20:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESTsoft
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\ESTsoft
2008-02-17 20:13 --------- d-----w C:\Program Files\Edelweiss
2008-02-16 07:03 --------- d-----w C:\Program Files\iSpeed
2008-02-11 17:30 --------- d-----w C:\Program Files\Romcenter
2008-02-09 05:36 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
------- Sigcheck -------
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.4CDEA9EC3B764F8^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^D?arrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\D?arrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\D?arrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-29 00:01 2512128 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a--c--- 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a--c--- 2006-05-03 12:48 307200 C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taivqioq]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a--c--- 2007-12-18 04:04 201216 C:\WINDOWS\system32\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-05-02 16:02 240640 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a--c--- 2006-07-18 00:16 122880 C:\Program Files\UberIcon\UberIcon Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vfilnqbr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a--c--- 2006-07-30 04:37 121089 C:\WINDOWS\system32\Vistadrive\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2007-12-18 04:04 36864 C:\Windows\System32\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-11-26 14:50 1222984 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Program Files\\SFO\\SFO_fullscreen.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\SFO\\SFO_smallwindow.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SFO\\SFO_vista.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-02-25 22:38]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 11:44]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S3 CachemanXPService;CachemanXP;C:\Program Files\CachemanXP\CachemanXP.exe [2008-01-27 08:22]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1.4CD\LOCALS~1\Temp\GPU-Z.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 15:08]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 19:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 15:11:54 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-05 15:14:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 17:30:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-05 17:31:45
ComboFix-quarantined-files.txt 2008-04-05 15:31:28
Pre-Run: 7,009,759,232 octets libres
Post-Run: 6,993,186,816 octets libres
.
2008-02-29 06:25:46 --- E O F ---
And here is the HijackThis report
ComboFix 08-04-04.1 - Administrateur 2008-04-05 17:26:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.378 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaublackbird.jpg
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufilemanagerclient.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufwebd.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauFWebdEditor.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureauvirii
C:\Program Files\PS TO USB CONVERTOR\CnsMin5.ico
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\eaeacbfeac8_g.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.
2008-04-05 16:52 . 2004-08-19 17:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-05 16:42 . 2004-08-19 16:09 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-04-05 16:31 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]00001_.tmp
2008-04-05 16:29 . 2008-04-05 16:43 <REP> d-------- C:\WINDOWS\EHome
2008-04-05 09:25 . 2008-04-05 09:25 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-05 07:26 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-05 07:25 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-05 07:25 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-04 22:59 . 2008-04-04 22:59 <REP> d-------- C:\Program Files\RegSupreme
2008-04-04 22:59 . 2008-04-04 22:59 23 --a------ C:\WINDOWS\system32\fefdebc4_g.ocx
2008-04-04 21:50 . 2008-04-04 21:50 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 21:44 . 2008-04-04 21:44 <REP> d-------- C:\Program Files\Rockstar games
2008-04-04 17:04 . 2008-04-04 17:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-04 17:04 . 2008-04-04 17:04 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-04 17:03 . 2008-04-04 17:03 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:30 3,625,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 17:03 . 2008-04-05 17:30 89,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 17:03 . 2008-04-05 17:10 50,996 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 17:03 . 2008-04-05 17:10 9,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 16:58 . 2008-04-04 16:58 <REP> d-------- C:\kav
2008-04-04 16:04 . 2008-04-04 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Fichiers communs\Webroot Shared
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Webroot
2008-04-04 07:12 . 2007-11-26 14:50 196,424 --a------ C:\WINDOWS\Unwash6.exe
2008-04-03 19:38 . 2008-04-03 19:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:54 . 2008-04-03 16:56 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\PC-Cleaner
2008-04-03 16:21 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\report
2008-04-03 16:21 . 2008-04-03 16:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-03 16:21 . 2008-04-03 16:21 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-03 16:21 . 2008-04-05 07:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-03 16:21 . 2008-04-03 16:21 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-03 16:21 . 2008-04-05 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-03 16:21 . 2008-04-03 16:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-03 16:21 . 2008-04-05 07:26 823 --a------ C:\WINDOWS\tsc.ini
2008-04-03 16:20 . 2008-04-03 16:20 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-03 16:20 . 2008-04-05 07:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-03 16:19 . 2008-04-03 16:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-03 16:19 . 2008-04-03 16:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-03 16:19 . 2008-04-03 16:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-03 14:21 . 2008-04-04 21:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob
2008-04-02 18:14 . 2008-04-02 18:14 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SystemRequirementsLab
2008-03-30 19:16 . 2008-03-31 19:04 <REP> d-------- C:\Downloads
2008-03-30 19:12 . 2008-04-03 14:05 <REP> d-------- C:\Program Files\FlashGet
2008-03-30 16:38 . 2008-03-30 16:39 <REP> d-------- C:\Program Files\Far Cry
2008-03-30 16:20 . 2008-03-30 16:20 <REP> d-------- C:\Program Files\AZR
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmpD7D16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp39C16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp2CC16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp1FC16.FOT
2008-03-30 07:52 . 2008-03-30 07:52 0 --a------ C:\WINDOWS\exctrlst.INI
2008-03-30 07:48 . 2008-03-30 07:48 <REP> d-------- C:\Program Files\Resource Kit
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpB976A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpAC76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp9F76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp5886A.FOT
2008-03-29 16:38 . 2008-03-29 19:46 <REP> d-------- C:\Program Files\Bid For Power
2008-03-25 21:31 . 2008-03-25 21:39 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Hide IP NG
2008-03-25 08:12 . 2008-04-05 17:11 103,437 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\WINDOWS\system32\Futuremark
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\Program Files\Fichiers communs\Futuremark Shared
2008-03-24 23:04 . 2007-10-11 12:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-24 19:43 . 2008-04-05 11:05 <REP> d-------- C:\WINDOWS\system32\oodag
2008-03-24 19:42 . 2008-03-24 19:42 0 --a------ C:\WINDOWS\oodcnt.INI
2008-03-24 19:38 . 2008-03-24 19:38 <REP> d-------- C:\Program Files\OO Software
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmpFE5E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp5F4E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp335E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp265E8.FOT
2008-03-24 17:55 . 2008-04-05 11:24 <REP> d-------- C:\WINDOWS\system32\Macromed
2008-03-24 17:38 . 1996-03-21 12:58 111,616 --------- C:\WINDOWS\system32\DINO2D.DLL
2008-03-24 17:38 . 1996-03-21 12:45 98,304 --------- C:\WINDOWS\system32\DMIX.DLL
2008-03-24 17:38 . 1996-10-31 03:00 32,768 --------- C:\WINDOWS\SCUNINST.EXE
2008-03-24 17:38 . 1996-10-31 03:00 30,720 --------- C:\WINDOWS\SCUSSMPL.DLL
2008-03-24 17:38 . 1996-10-31 03:00 22,528 --------- C:\WINDOWS\MsgV2US.DLL
2008-03-24 16:26 . 2008-03-24 16:26 <REP> d-------- C:\WINDOWS\$regcmp$
2008-03-24 15:44 . 2008-03-24 15:54 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmpF35A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp544A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp384A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp2B4A0.FOT
2008-03-24 08:53 . 2008-04-03 18:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 00:27 . 2008-03-24 00:27 <REP> d-------- C:\Program Files\gs
2008-03-24 00:25 . 2008-03-24 00:36 <REP> d-------- C:\Program Files\GameEx
2008-03-23 23:20 . 2008-03-23 23:20 6,688 --a------ C:\WINDOWS\movexe.exe
2008-03-23 23:19 . 2008-03-23 23:20 <REP> d-------- C:\Program Files\Tamagotchi Simulator
2008-03-23 23:12 . 1994-12-06 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpB9185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpAB185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp9E185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp67285.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmpBB73A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp8383A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp6883A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp0793A.FOT
2008-03-22 22:39 . 2008-03-22 23:17 349 --a------ C:\WINDOWS\n02.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 15:30 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
2008-04-04 14:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-03 17:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-03 17:35 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-31 16:58 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Azureus
2008-03-30 09:19 --------- d-----w C:\Program Files\inKline Global
2008-03-25 17:49 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\OpenOffice.org2
2008-03-24 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 14:16 19,728 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-21 18:00 24,976 -c--a-w C:\WINDOWS\twain_16.dll
2008-03-19 15:19 --------- d-----w C:\Program Files\Google
2008-03-18 17:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-17 07:02 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2008-03-16 16:14 --------- d-----w C:\Program Files\Sega
2008-03-15 19:16 --------- d-----w C:\Program Files\Java
2008-03-09 14:58 --------- d-----w C:\Program Files\Azureus
2008-03-07 22:14 --------- d-----w C:\Program Files\ma-config.com
2008-03-02 16:05 --------- d-----w C:\Program Files\adslTV
2008-03-02 14:20 --------- d-----w C:\Program Files\StepMania
2008-03-02 12:27 --------- d-----w C:\Program Files\SlySoft
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\CCleanup
2008-02-29 22:48 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-29 21:31 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-02-29 20:47 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 16:09 --------- d-----w C:\Program Files\Foxit Software
2008-02-29 15:58 --------- d-----w C:\Program Files\Investintech.com Inc
2008-02-29 14:44 --------- d-----w C:\Program Files\HP
2008-02-29 14:40 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-02-29 14:37 --------- d---a-w C:\Program Files\Hewlett-Packard
2008-02-29 14:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-02-29 12:55 --------- d-----w C:\Program Files\SFO Xpress
2008-02-29 08:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-28 12:24 --------- d-----w C:\Program Files\CCleaner
2008-02-28 09:45 230,152 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-02-27 14:37 --------- d-----w C:\Program Files\Occtpt
2008-02-27 14:18 --------- d-----w C:\Program Files\DivX
2008-02-27 10:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-02-27 10:20 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Microsoft Game Studios
2008-02-27 10:07 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:38 4,484 ----a-w C:\WINDOWS\system32\drivers\cpuidlep.sys
2008-02-25 20:38 --------- d-----w C:\Program Files\CpuIdle
2008-02-25 19:02 2,031 ----a-w C:\Program Files\uninstal.log
2008-02-25 07:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-25 07:09 --------- d-----r C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SecuROM
2008-02-24 11:04 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\TuneUp Software
2008-02-24 11:03 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 11:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-02-22 14:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-02-22 13:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-21 18:27 --------- d-----w C:\Program Files\Neuf
2008-02-21 16:40 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 16:40 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\DAEMON Tools
2008-02-21 09:22 --------- d-----w C:\Program Files\CAPCOM
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 12:20 --------- d-----w C:\Program Files\Ad-Aware
2008-02-20 12:17 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Lavasoft
2008-02-20 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-02-20 11:41 164 ----a-w C:\install.dat
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\MSN6
2008-02-20 09:14 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\AlertPing
2008-02-19 19:50 --------- d-----w C:\Program Files\WebAnim Gif
2008-02-19 17:37 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SEGA
2008-02-19 14:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\vlc
2008-02-19 13:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-19 10:41 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Nero
2008-02-19 05:43 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Media Player Classic
2008-02-18 20:54 --------- d-----w C:\Program Files\Windows Live
2008-02-18 20:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-18 20:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-02-18 20:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESTsoft
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\ESTsoft
2008-02-17 20:13 --------- d-----w C:\Program Files\Edelweiss
2008-02-16 07:03 --------- d-----w C:\Program Files\iSpeed
2008-02-11 17:30 --------- d-----w C:\Program Files\Romcenter
2008-02-09 05:36 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
------- Sigcheck -------
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.4CDEA9EC3B764F8^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^D?arrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\D?arrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\D?arrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-29 00:01 2512128 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a--c--- 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a--c--- 2006-05-03 12:48 307200 C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taivqioq]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a--c--- 2007-12-18 04:04 201216 C:\WINDOWS\system32\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-05-02 16:02 240640 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a--c--- 2006-07-18 00:16 122880 C:\Program Files\UberIcon\UberIcon Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vfilnqbr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a--c--- 2006-07-30 04:37 121089 C:\WINDOWS\system32\Vistadrive\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2007-12-18 04:04 36864 C:\Windows\System32\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-11-26 14:50 1222984 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Program Files\\SFO\\SFO_fullscreen.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\SFO\\SFO_smallwindow.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SFO\\SFO_vista.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-02-25 22:38]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 11:44]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S3 CachemanXPService;CachemanXP;C:\Program Files\CachemanXP\CachemanXP.exe [2008-01-27 08:22]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1.4CD\LOCALS~1\Temp\GPU-Z.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 15:08]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 19:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 15:11:54 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-05 15:14:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 17:30:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-05 17:31:45
ComboFix-quarantined-files.txt 2008-04-05 15:31:28
Pre-Run: 7,009,759,232 octets libres
Post-Run: 6,993,186,816 octets libres
.
2008-02-29 06:25:46 --- E O F ---
And here is the HijackThis report
Hello again, here is the ComboFix report:
ComboFix 08-04-04.1 - Administrateur 2008-04-05 17:26:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.378 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaublackbird.jpg
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufilemanagerclient.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufwebd.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauFWebdEditor.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureauvirii
C:\Program Files\PS TO USB CONVERTOR\CnsMin5.ico
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\eaeacbfeac8_g.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.
2008-04-05 16:52 . 2004-08-19 17:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-05 16:42 . 2004-08-19 16:09 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-04-05 16:31 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]00001_.tmp
2008-04-05 16:29 . 2008-04-05 16:43 <REP> d-------- C:\WINDOWS\EHome
2008-04-05 09:25 . 2008-04-05 09:25 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-05 07:26 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-05 07:25 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-05 07:25 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-04 22:59 . 2008-04-04 22:59 <REP> d-------- C:\Program Files\RegSupreme
2008-04-04 22:59 . 2008-04-04 22:59 23 --a------ C:\WINDOWS\system32\fefdebc4_g.ocx
2008-04-04 21:50 . 2008-04-04 21:50 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 21:44 . 2008-04-04 21:44 <REP> d-------- C:\Program Files\Rockstar games
2008-04-04 17:04 . 2008-04-04 17:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-04 17:04 . 2008-04-04 17:04 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-04 17:03 . 2008-04-04 17:03 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:30 3,625,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 17:03 . 2008-04-05 17:30 89,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 17:03 . 2008-04-05 17:10 50,996 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 17:03 . 2008-04-05 17:10 9,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 16:58 . 2008-04-04 16:58 <REP> d-------- C:\kav
2008-04-04 16:04 . 2008-04-04 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Fichiers communs\Webroot Shared
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Webroot
2008-04-04 07:12 . 2007-11-26 14:50 196,424 --a------ C:\WINDOWS\Unwash6.exe
2008-04-03 19:38 . 2008-04-03 19:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:54 . 2008-04-03 16:56 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\PC-Cleaner
2008-04-03 16:21 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\report
2008-04-03 16:21 . 2008-04-03 16:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-03 16:21 . 2008-04-03 16:21 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-03 16:21 . 2008-04-05 07:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-03 16:21 . 2008-04-03 16:21 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-03 16:21 . 2008-04-05 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-03 16:21 . 2008-04-03 16:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-03 16:21 . 2008-04-05 07:26 823 --a------ C:\WINDOWS\tsc.ini
2008-04-03 16:20 . 2008-04-03 16:20 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-03 16:20 . 2008-04-05 07:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-03 16:19 . 2008-04-03 16:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-03 16:19 . 2008-04-03 16:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-03 16:19 . 2008-04-03 16:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-03 14:21 . 2008-04-04 21:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob
2008-04-02 18:14 . 2008-04-02 18:14 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SystemRequirementsLab
2008-03-30 19:16 . 2008-03-31 19:04 <REP> d-------- C:\Downloads
2008-03-30 19:12 . 2008-04-03 14:05 <REP> d-------- C:\Program Files\FlashGet
2008-03-30 16:38 . 2008-03-30 16:39 <REP> d-------- C:\Program Files\Far Cry
2008-03-30 16:20 . 2008-03-30 16:20 <REP> d-------- C:\Program Files\AZR
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmpD7D16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp39C16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp2CC16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp1FC16.FOT
2008-03-30 07:52 . 2008-03-30 07:52 0 --a------ C:\WINDOWS\exctrlst.INI
2008-03-30 07:48 . 2008-03-30 07:48 <REP> d-------- C:\Program Files\Resource Kit
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpB976A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpAC76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp9F76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp5886A.FOT
2008-03-29 16:38 . 2008-03-29 19:46 <REP> d-------- C:\Program Files\Bid For Power
2008-03-25 21:31 . 2008-03-25 21:39 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Hide IP NG
2008-03-25 08:12 . 2008-04-05 17:11 103,437 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\WINDOWS\system32\Futuremark
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\Program Files\Fichiers communs\Futuremark Shared
2008-03-24 23:04 . 2007-10-11 12:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-24 19:43 . 2008-04-05 11:05 <REP> d-------- C:\WINDOWS\system32\oodag
2008-03-24 19:42 . 2008-03-24 19:42 0 --a------ C:\WINDOWS\oodcnt.INI
2008-03-24 19:38 . 2008-03-24 19:38 <REP> d-------- C:\Program Files\OO Software
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmpFE5E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp5F4E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp335E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp265E8.FOT
2008-03-24 17:55 . 2008-04-05 11:24 <REP> d-------- C:\WINDOWS\system32\Macromed
2008-03-24 17:38 . 1996-03-21 12:58 111,616 --------- C:\WINDOWS\system32\DINO2D.DLL
2008-03-24 17:38 . 1996-03-21 12:45 98,304 --------- C:\WINDOWS\system32\DMIX.DLL
2008-03-24 17:38 . 1996-10-31 03:00 32,768 --------- C:\WINDOWS\SCUNINST.EXE
2008-03-24 17:38 . 1996-10-31 03:00 30,720 --------- C:\WINDOWS\SCUSSMPL.DLL
2008-03-24 17:38 . 1996-10-31 03:00 22,528 --------- C:\WINDOWS\MsgV2US.DLL
2008-03-24 16:26 . 2008-03-24 16:26 <REP> d-------- C:\WINDOWS\$regcmp$
2008-03-24 15:44 . 2008-03-24 15:54 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmpF35A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp544A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp384A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp2B4A0.FOT
2008-03-24 08:53 . 2008-04-03 18:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 00:27 . 2008-03-24 00:27 <REP> d-------- C:\Program Files\gs
2008-03-24 00:25 . 2008-03-24 00:36 <REP> d-------- C:\Program Files\GameEx
2008-03-23 23:20 . 2008-03-23 23:20 6,688 --a------ C:\WINDOWS\movexe.exe
2008-03-23 23:19 . 2008-03-23 23:20 <REP> d-------- C:\Program Files\Tamagotchi Simulator
2008-03-23 23:12 . 1994-12-06 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpB9185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpAB185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp9E185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp67285.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmpBB73A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp8383A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp6883A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp0793A.FOT
2008-03-22 22:39 . 2008-03-22 23:17 349 --a------ C:\WINDOWS\n02.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 15:30 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
2008-04-04 14:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-03 17:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-03 17:35 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-31 16:58 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Azureus
2008-03-30 09:19 --------- d-----w C:\Program Files\inKline Global
2008-03-25 17:49 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\OpenOffice.org2
2008-03-24 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 14:16 19,728 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-21 18:00 24,976 -c--a-w C:\WINDOWS\twain_16.dll
2008-03-19 15:19 --------- d-----w C:\Program Files\Google
2008-03-18 17:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-17 07:02 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2008-03-16 16:14 --------- d-----w C:\Program Files\Sega
2008-03-15 19:16 --------- d-----w C:\Program Files\Java
2008-03-09 14:58 --------- d-----w C:\Program Files\Azureus
2008-03-07 22:14 --------- d-----w C:\Program Files\ma-config.com
2008-03-02 16:05 --------- d-----w C:\Program Files\adslTV
2008-03-02 14:20 --------- d-----w C:\Program Files\StepMania
2008-03-02 12:27 --------- d-----w C:\Program Files\SlySoft
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\CCleanup
2008-02-29 22:48 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-29 21:31 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-02-29 20:47 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 16:09 --------- d-----w C:\Program Files\Foxit Software
2008-02-29 15:58 --------- d-----w C:\Program Files\Investintech.com Inc
2008-02-29 14:44 --------- d-----w C:\Program Files\HP
2008-02-29 14:40 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-02-29 14:37 --------- d---a-w C:\Program Files\Hewlett-Packard
2008-02-29 14:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-02-29 12:55 --------- d-----w C:\Program Files\SFO Xpress
2008-02-29 08:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-28 12:24 --------- d-----w C:\Program Files\CCleaner
2008-02-28 09:45 230,152 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-02-27 14:37 --------- d-----w C:\Program Files\Occtpt
2008-02-27 14:18 --------- d-----w C:\Program Files\DivX
2008-02-27 10:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-02-27 10:20 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Microsoft Game Studios
2008-02-27 10:07 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:38 4,484 ----a-w C:\WINDOWS\system32\drivers\cpuidlep.sys
2008-02-25 20:38 --------- d-----w C:\Program Files\CpuIdle
2008-02-25 19:02 2,031 ----a-w C:\Program Files\uninstal.log
2008-02-25 07:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-25 07:09 --------- d-----r C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SecuROM
2008-02-24 11:04 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\TuneUp Software
2008-02-24 11:03 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 11:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-02-22 14:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-02-22 13:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-21 18:27 --------- d-----w C:\Program Files\Neuf
2008-02-21 16:40 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 16:40 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\DAEMON Tools
2008-02-21 09:22 --------- d-----w C:\Program Files\CAPCOM
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 12:20 --------- d-----w C:\Program Files\Ad-Aware
2008-02-20 12:17 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Lavasoft
2008-02-20 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-02-20 11:41 164 ----a-w C:\install.dat
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\MSN6
2008-02-20 09:14 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\AlertPing
2008-02-19 19:50 --------- d-----w C:\Program Files\WebAnim Gif
2008-02-19 17:37 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SEGA
2008-02-19 14:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\vlc
2008-02-19 13:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-19 10:41 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Nero
2008-02-19 05:43 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Media Player Classic
2008-02-18 20:54 --------- d-----w C:\Program Files\Windows Live
2008-02-18 20:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-18 20:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-02-18 20:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESTsoft
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\ESTsoft
2008-02-17 20:13 --------- d-----w C:\Program Files\Edelweiss
2008-02-16 07:03 --------- d-----w C:\Program Files\iSpeed
2008-02-11 17:30 --------- d-----w C:\Program Files\Romcenter
2008-02-09 05:36 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
------- Sigcheck -------
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.4CDEA9EC3B764F8^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^D?arrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\D?arrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\D?arrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-29 00:01 2512128 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a--c--- 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a--c--- 2006-05-03 12:48 307200 C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taivqioq]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a--c--- 2007-12-18 04:04 201216 C:\WINDOWS\system32\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-05-02 16:02 240640 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a--c--- 2006-07-18 00:16 122880 C:\Program Files\UberIcon\UberIcon Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vfilnqbr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a--c--- 2006-07-30 04:37 121089 C:\WINDOWS\system32\Vistadrive\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2007-12-18 04:04 36864 C:\Windows\System32\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-11-26 14:50 1222984 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Program Files\\SFO\\SFO_fullscreen.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\SFO\\SFO_smallwindow.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SFO\\SFO_vista.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-02-25 22:38]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 11:44]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S3 CachemanXPService;CachemanXP;C:\Program Files\CachemanXP\CachemanXP.exe [2008-01-27 08:22]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1.4CD\LOCALS~1\Temp\GPU-Z.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 15:08]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 19:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 15:11:54 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-05 15:14:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 17:30:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-05 17:31:45
ComboFix-quarantined-files.txt 2008-04-05 15:31:28
Pre-Run: 7,009,759,232 octets libres
Post-Run: 6,993,186,816 octets libres
.
2008-02-29 06:25:46 --- E O F ---
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:36, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d?nti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
ComboFix 08-04-04.1 - Administrateur 2008-04-05 17:26:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.378 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaublackbird.jpg
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufilemanagerclient.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp1.5.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufkwp2.0.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureaufwebd.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauFWebdEditor.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureauvirii
C:\Program Files\PS TO USB CONVERTOR\CnsMin5.ico
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\eaeacbfeac8_g.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\Web\def.htm
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.
2008-04-05 16:52 . 2004-08-19 17:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-05 16:42 . 2004-08-19 16:09 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-04-05 16:31 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-04-05 16:29 . 2008-04-05 16:43 <REP> d-------- C:\WINDOWS\EHome
2008-04-05 09:25 . 2008-04-05 09:25 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-05 07:26 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-05 07:25 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-05 07:25 . 2008-04-05 07:25 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-04 22:59 . 2008-04-04 22:59 <REP> d-------- C:\Program Files\RegSupreme
2008-04-04 22:59 . 2008-04-04 22:59 23 --a------ C:\WINDOWS\system32\fefdebc4_g.ocx
2008-04-04 21:50 . 2008-04-04 21:50 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-04 21:44 . 2008-04-04 21:44 <REP> d-------- C:\Program Files\Rockstar games
2008-04-04 17:04 . 2008-04-04 17:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-04 17:04 . 2008-04-04 17:04 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-04 17:03 . 2008-04-04 17:03 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-04-04 17:03 . 2008-04-05 17:30 3,625,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 17:03 . 2008-04-05 17:30 89,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 17:03 . 2008-04-05 17:10 50,996 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 17:03 . 2008-04-05 17:10 9,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 16:58 . 2008-04-04 16:58 <REP> d-------- C:\kav
2008-04-04 16:04 . 2008-04-04 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Program Files\Fichiers communs\Webroot Shared
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-04-04 07:13 . 2008-04-04 07:13 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Webroot
2008-04-04 07:12 . 2007-11-26 14:50 196,424 --a------ C:\WINDOWS\Unwash6.exe
2008-04-03 19:38 . 2008-04-03 19:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 16:54 . 2008-04-03 16:56 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\PC-Cleaner
2008-04-03 16:21 . 2008-04-05 07:26 <REP> d-------- C:\WINDOWS\report
2008-04-03 16:21 . 2008-04-03 16:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-03 16:21 . 2008-04-03 16:21 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-03 16:21 . 2008-04-05 07:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-03 16:21 . 2008-04-03 16:21 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-03 16:21 . 2008-04-05 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-03 16:21 . 2008-04-03 16:21 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-03 16:21 . 2008-04-05 07:26 823 --a------ C:\WINDOWS\tsc.ini
2008-04-03 16:20 . 2008-04-03 16:20 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-03 16:20 . 2008-04-05 07:25 170 --a------ C:\WINDOWS\GetServer.ini
2008-04-03 16:19 . 2008-04-03 16:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-03 16:19 . 2008-04-03 16:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-03 16:19 . 2008-04-03 16:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-03 14:21 . 2008-04-04 21:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\sxubuzob
2008-04-02 18:14 . 2008-04-02 18:14 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-04-01 21:12 . 2008-04-01 21:12 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SystemRequirementsLab
2008-03-30 19:16 . 2008-03-31 19:04 <REP> d-------- C:\Downloads
2008-03-30 19:12 . 2008-04-03 14:05 <REP> d-------- C:\Program Files\FlashGet
2008-03-30 16:38 . 2008-03-30 16:39 <REP> d-------- C:\Program Files\Far Cry
2008-03-30 16:20 . 2008-03-30 16:20 <REP> d-------- C:\Program Files\AZR
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmpD7D16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp39C16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp2CC16.FOT
2008-03-30 08:32 . 2008-03-30 08:32 1,409 --a------ C:\WINDOWS\system32\tmp1FC16.FOT
2008-03-30 07:52 . 2008-03-30 07:52 0 --a------ C:\WINDOWS\exctrlst.INI
2008-03-30 07:48 . 2008-03-30 07:48 <REP> d-------- C:\Program Files\Resource Kit
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpB976A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmpAC76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp9F76A.FOT
2008-03-29 20:46 . 2008-03-29 20:46 1,409 --a------ C:\WINDOWS\system32\tmp5886A.FOT
2008-03-29 16:38 . 2008-03-29 19:46 <REP> d-------- C:\Program Files\Bid For Power
2008-03-25 21:31 . 2008-03-25 21:39 <REP> d-------- C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Hide IP NG
2008-03-25 08:12 . 2008-04-05 17:11 103,437 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\WINDOWS\system32\Futuremark
2008-03-24 23:04 . 2008-03-24 23:04 <REP> d-------- C:\Program Files\Fichiers communs\Futuremark Shared
2008-03-24 23:04 . 2007-10-11 12:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-24 19:43 . 2008-04-05 11:05 <REP> d-------- C:\WINDOWS\system32\oodag
2008-03-24 19:42 . 2008-03-24 19:42 0 --a------ C:\WINDOWS\oodcnt.INI
2008-03-24 19:38 . 2008-03-24 19:38 <REP> d-------- C:\Program Files\OO Software
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmpFE5E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp5F4E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp335E8.FOT
2008-03-24 18:08 . 2008-03-24 18:08 1,409 --a------ C:\WINDOWS\system32\tmp265E8.FOT
2008-03-24 17:55 . 2008-04-05 11:24 <REP> d-------- C:\WINDOWS\system32\Macromed
2008-03-24 17:38 . 1996-03-21 12:58 111,616 --------- C:\WINDOWS\system32\DINO2D.DLL
2008-03-24 17:38 . 1996-03-21 12:45 98,304 --------- C:\WINDOWS\system32\DMIX.DLL
2008-03-24 17:38 . 1996-10-31 03:00 32,768 --------- C:\WINDOWS\SCUNINST.EXE
2008-03-24 17:38 . 1996-10-31 03:00 30,720 --------- C:\WINDOWS\SCUSSMPL.DLL
2008-03-24 17:38 . 1996-10-31 03:00 22,528 --------- C:\WINDOWS\MsgV2US.DLL
2008-03-24 16:26 . 2008-03-24 16:26 <REP> d-------- C:\WINDOWS\$regcmp$
2008-03-24 15:44 . 2008-03-24 15:54 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmpF35A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp544A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp384A0.FOT
2008-03-24 09:07 . 2008-03-24 09:07 1,409 --a------ C:\WINDOWS\system32\tmp2B4A0.FOT
2008-03-24 08:53 . 2008-04-03 18:13 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-24 00:27 . 2008-03-24 00:27 <REP> d-------- C:\Program Files\gs
2008-03-24 00:25 . 2008-03-24 00:36 <REP> d-------- C:\Program Files\GameEx
2008-03-23 23:20 . 2008-03-23 23:20 6,688 --a------ C:\WINDOWS\movexe.exe
2008-03-23 23:19 . 2008-03-23 23:20 <REP> d-------- C:\Program Files\Tamagotchi Simulator
2008-03-23 23:12 . 1994-12-06 01:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpB9185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmpAB185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp9E185.FOT
2008-03-23 19:12 . 2008-03-23 19:12 1,409 --a------ C:\WINDOWS\system32\tmp67285.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmpBB73A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp8383A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp6883A.FOT
2008-03-23 17:06 . 2008-03-23 17:06 1,409 --a------ C:\WINDOWS\system32\tmp0793A.FOT
2008-03-22 22:39 . 2008-03-22 23:17 349 --a------ C:\WINDOWS\n02.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 15:30 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
2008-04-04 14:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-03 17:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-03 17:35 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-31 16:58 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Azureus
2008-03-30 09:19 --------- d-----w C:\Program Files\inKline Global
2008-03-25 17:49 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\OpenOffice.org2
2008-03-24 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 14:16 19,728 -c--a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-21 18:00 24,976 -c--a-w C:\WINDOWS\twain_16.dll
2008-03-19 15:19 --------- d-----w C:\Program Files\Google
2008-03-18 17:23 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-17 07:02 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2008-03-16 16:14 --------- d-----w C:\Program Files\Sega
2008-03-15 19:16 --------- d-----w C:\Program Files\Java
2008-03-09 14:58 --------- d-----w C:\Program Files\Azureus
2008-03-07 22:14 --------- d-----w C:\Program Files\ma-config.com
2008-03-02 16:05 --------- d-----w C:\Program Files\adslTV
2008-03-02 14:20 --------- d-----w C:\Program Files\StepMania
2008-03-02 12:27 --------- d-----w C:\Program Files\SlySoft
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\CCleanup
2008-02-29 22:48 --------- d-----w C:\Program Files\Complete Cleanup Trial
2008-02-29 21:31 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-02-29 20:47 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 16:09 --------- d-----w C:\Program Files\Foxit Software
2008-02-29 15:58 --------- d-----w C:\Program Files\Investintech.com Inc
2008-02-29 14:44 --------- d-----w C:\Program Files\HP
2008-02-29 14:40 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-02-29 14:37 --------- d---a-w C:\Program Files\Hewlett-Packard
2008-02-29 14:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-02-29 12:55 --------- d-----w C:\Program Files\SFO Xpress
2008-02-29 08:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-28 12:24 --------- d-----w C:\Program Files\CCleaner
2008-02-28 09:45 230,152 ----a-w C:\WINDOWS\system32\PDBoot.exe
2008-02-27 14:37 --------- d-----w C:\Program Files\Occtpt
2008-02-27 14:18 --------- d-----w C:\Program Files\DivX
2008-02-27 10:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Games
2008-02-27 10:20 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Microsoft Game Studios
2008-02-27 10:07 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:38 4,484 ----a-w C:\WINDOWS\system32\drivers\cpuidlep.sys
2008-02-25 20:38 --------- d-----w C:\Program Files\CpuIdle
2008-02-25 19:02 2,031 ----a-w C:\Program Files\uninstal.log
2008-02-25 07:09 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-25 07:09 --------- d-----r C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\SecuROM
2008-02-24 11:04 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\TuneUp Software
2008-02-24 11:03 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 11:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-02-22 14:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2008-02-22 13:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-02-21 18:27 --------- d-----w C:\Program Files\Neuf
2008-02-21 16:40 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 16:40 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\DAEMON Tools
2008-02-21 09:22 --------- d-----w C:\Program Files\CAPCOM
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 12:20 --------- d-----w C:\Program Files\Ad-Aware
2008-02-20 12:17 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Lavasoft
2008-02-20 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-02-20 11:41 164 ----a-w C:\install.dat
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-02-20 11:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\MSN6
2008-02-20 09:14 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\AlertPing
2008-02-19 19:50 --------- d-----w C:\Program Files\WebAnim Gif
2008-02-19 17:37 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SEGA
2008-02-19 14:28 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\vlc
2008-02-19 13:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-19 10:41 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Nero
2008-02-19 05:43 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\Media Player Classic
2008-02-18 20:54 --------- d-----w C:\Program Files\Windows Live
2008-02-18 20:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-18 20:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-02-18 20:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ESTsoft
2008-02-18 20:07 --------- d-----w C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Application Data\ESTsoft
2008-02-17 20:13 --------- d-----w C:\Program Files\Edelweiss
2008-02-16 07:03 --------- d-----w C:\Program Files\iSpeed
2008-02-11 17:30 --------- d-----w C:\Program Files\Romcenter
2008-02-09 05:36 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
------- Sigcheck -------
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2004-08-19 16:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-19 16:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 04:04 44544]
"nltide3"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-12-07 03:42 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur.4CDEA9EC3B764F8^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^D?arrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\D?arrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\D?arrage rapide du logiciel HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-29 00:01 2512128 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a--c--- 2007-01-10 22:59 1235456 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a--c--- 2006-05-03 12:48 307200 C:\Program Files\styler\Styler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taivqioq]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a--c--- 2007-12-18 04:04 201216 C:\WINDOWS\system32\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2004-05-02 16:02 240640 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a--c--- 2006-07-18 00:16 122880 C:\Program Files\UberIcon\UberIcon Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vfilnqbr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a--c--- 2006-07-30 04:37 121089 C:\WINDOWS\system32\Vistadrive\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2007-12-18 04:04 36864 C:\Windows\System32\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-11-26 14:50 1222984 C:\Program Files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Game Vindicator\\Game Vindicator\\GameVindicator.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Program Files\\SFO\\SFO_fullscreen.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\SFO\\SFO_smallwindow.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SFO\\SFO_vista.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2007-12-18 04:04]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2008-02-25 22:38]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 11:44]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S3 CachemanXPService;CachemanXP;C:\Program Files\CachemanXP\CachemanXP.exe [2008-01-27 08:22]
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1.4CD\LOCALS~1\Temp\GPU-Z.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 15:08]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-18 19:22]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 15:11:54 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-05 15:14:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 17:30:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-05 17:31:45
ComboFix-quarantined-files.txt 2008-04-05 15:31:28
Pre-Run: 7,009,759,232 octets libres
Post-Run: 6,993,186,816 octets libres
.
2008-02-29 06:25:46 --- E O F ---
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:36, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d?nti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
OK,
let's continue.
Run another online scan with Kaspersky: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Note that this scan only works with Internet Explorer.
Click "Démarrer Online Scanner" (start the online scanner).
You will have to accept some ActiveX controls. Accept them, then run it.
Scan My Computer (Poste de travail).
At the end of the scan it will offer you a report; accept it and send it in your next reply.
Also let me know whether you are still having problems.
And finally, one last point.
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Above is the link to download AntiVir, along with explanations of how it compares to avast.
AntiVir is free but it is in English; read the tutorial carefully, it explains everything.
Run your first scan in safe mode and send me that report as well.
And lastly, run HijackThis again for me.
Good luck.
ludo.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:24, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.4CDEA9EC3B764F8\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Administrateur"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
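Added example, not part of the original thread: a small Python triage pass over HijackThis result lines, showing which entries in a log like the one above a helper would pick out for a manual look. The sample lines are copied from the logs posted in this thread; the function names and the three review rules are assumptions made for this illustration, and a flagged line is a prompt to check the entry, not a verdict.

```python
import re

# Subset of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Result lines start with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse(log):
    """Return (code, body) for every result line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def review_reasons(code, body):
    """Reasons an entry deserves a manual look (hypothetical rules, triage hints only)."""
    reasons = []
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("referenced file is absent")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service has no identified owner")
    if code in ("R0", "R1") and ",ProxyServer = " in body:
        reasons.append("IE proxy setting to verify")
    return reasons


def triage(log):
    """Return (code, body, reasons) for the entries that have at least one reason."""
    flagged = []
    for code, body in parse(log):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```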