Internet windows open by themselves

Solved
Remy33 Posts 10 Status Member -  
ep44 Posts 7432 Status Contributor -
Hello,
I have a problem: Internet windows and spyware-detection windows keep appearing on my computer all the time.
After reading the advice on the forum, I tried using HijackThis, and here is the result:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

Thank you for your help, what can I do?
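
A triage pass over the `O4` autorun lines of a HijackThis log like the one above, as an added example that is not part of the original thread and not HijackThis code. The function names (`split_target`, `triage`) and the three heuristics are assumptions chosen for illustration; they mark entries to review, not verdicts.

```python
import re
from typing import List, NamedTuple, Tuple

# O4 lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
"""

# Shape of a registry autorun line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL32 = re.compile(r'(?i)^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$')
EXE_END = re.compile(r"(?i)^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)")
TEMP_DIR = re.compile(r"(?i)\\(?:temp|tmp)\\")
WINDOWS_DIR = re.compile(r"(?i)^[a-z]:\\windows\\")
PROGRAMDATA_EXE = re.compile(r"(?i)^[a-z]:\\programdata\\[^\\]+\\[^\\]+\.exe$")


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    via_rundll32: bool
    reasons: List[str]


def split_target(cmd: str) -> Tuple[str, bool]:
    """Return (file that actually gets loaded, launched through rundll32?)."""
    via_rundll32 = False
    m = RUNDLL32.match(cmd)
    if m:
        # The interesting file is the DLL argument, not rundll32 itself.
        via_rundll32 = True
        cmd = m.group(1)
    cmd = cmd.strip()
    if cmd.startswith('"'):
        target = cmd[1:].split('"', 1)[0]          # quoted path, arguments dropped
    elif via_rundll32:
        target = cmd
    else:
        m = EXE_END.match(cmd)                     # unquoted path may contain spaces
        target = m.group(1) if m else cmd
    if via_rundll32:
        target = target.split(",", 1)[0].strip()   # drop the ",export" suffix
    return target, via_rundll32


def triage(log_text: str) -> List[Finding]:
    """Flag Run entries whose location deserves a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue                               # Startup-folder lines and other sections
        target, via_rundll32 = split_target(m["cmd"])
        reasons = []
        if TEMP_DIR.search(target):
            reasons.append("loads from a Temp directory")
        if via_rundll32 and "\\" in target and not WINDOWS_DIR.match(target):
            reasons.append("rundll32 loads a DLL by full path outside the Windows directory")
        if PROGRAMDATA_EXE.match(target):
            reasons.append("executable sits directly in a ProgramData subfolder")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], target, via_rundll32, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Legitimate software can also start from these locations, so each flagged entry still needs to be checked by hand before anything is removed.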

12 replies

ep44 Posts 7432 Status Contributor 3
 
Good evening

heavily infected

Disable User Account Control (you will re-enable it after the disinfection):

- Go to "Start", then Control Panel.
- Double-click the User Accounts icon, then click Turn User Account Control on or off.
- Click Continue.
- Uncheck the box Use User Account Control (UAC) to help protect your computer.
- Confirm with OK and restart.

then
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!
=> disconnect from the Internet and close all your applications.
=> disable your protections (antivirus, firewall, the antispyware's real-time guard)
=> Double-click combofix,
=> Don't touch anything until the scan has finished. Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
=> Wait until ComboFix has finished; a report will be created.
=> re-enable your firewall, your antivirus, and your antispyware's guard
=> copy/paste the report C:\ComboFix.txt

See you
1
Remy33 Posts 10 Status Member
 
Hi
OK, I did what you said, and here is the result:
ComboFix 08-04-08.5 - Rémy 2008-04-08 23:35:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1062 [GMT 2:00]
Endroit: C:\Users\Rémy\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Rémy\Desktopblackbird.jpg
C:\Users\Rémy\DesktopEditorFKWP1.5.exe
C:\Users\Rémy\DesktopEditorFKWP2.0.exe
C:\Users\Rémy\Desktopfilemanagerclient.exe
C:\Users\Rémy\Desktopfkwp1.5.exe
C:\Users\Rémy\Desktopfkwp2.0.exe
C:\Users\Rémy\Desktopfwebd.exe
C:\Users\Rémy\DesktopFWebdEditor.exe
C:\Users\Rémy\DesktopTrojan.Win32.BlackBird.exe
C:\Users\Rémy\Desktopvirii

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 07:36 . 2008-04-08 07:36 <REP> d-------- C:\ProgramData\rhtdinub
2008-04-07 16:29 . 2008-04-07 16:29 <REP> d-------- C:\Program Files\Trend Micro
2008-04-07 16:10 . 2008-04-07 16:10 <REP> d-------- C:\ProgramData\rseqtjie
2008-04-07 15:38 . 2008-04-07 15:38 <REP> d-------- C:\ProgramData\yjdnwzsc
2008-04-07 14:39 . 2008-04-08 23:31 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-07 14:39 . 2008-04-08 23:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 19:34 . 2008-04-06 19:34 <REP> d-------- C:\ProgramData\pqdjplha
2008-04-06 19:34 . 2008-04-08 23:48 <REP> d-------- C:\ProgramData\cdgverkz
2008-04-02 14:19 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-02 14:19 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-19 11:51 . 2008-03-20 12:54 <REP> d-------- C:\Program Files\Google
2008-03-19 11:50 . 2008-03-19 11:51 <REP> d-------- C:\Program Files\Java
2008-03-19 11:49 . 2008-03-19 11:49 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-12 10:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 10:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 10:44 . 2008-03-11 10:45 <REP> d-------- C:\Program Files\KompoZer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:10 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AVASTSS.scr
2008-03-17 07:48 --------- d-----w C:\ProgramData\Symantec
2008-03-17 07:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 18:58 --------- d-----w C:\Program Files\Symantec
2008-03-13 02:12 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 08:46 --------- d-----w C:\Program Files\Nvu
2008-02-23 16:13 --------- d-----w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\vlc
2008-02-20 06:47 765,440 ----a-w C:\Windows\system32\drivers\athr.sys
2008-02-15 14:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 10:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 10:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 09:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 09:50 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 09:50 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 09:50 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 09:50 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 09:11 --------- d-----w C:\Program Files\ASUS
2008-02-03 20:08 252,344 ----a-w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-01-29 18:14 155,995 ----a-w C:\Windows\Java\Packages\BVDVHZLB.ZIP
2008-01-29 07:52 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-01-26 08:31 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8203.exe
2008-01-26 02:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-26 02:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-26 02:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-26 02:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-26 02:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-26 02:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-26 02:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-26 02:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-26 02:13 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-26 02:13 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-01-26 02:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-26 02:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-26 02:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-26 02:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-26 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-26 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-26 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-26 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-26 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-26 02:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-26 02:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-25 18:32 16,384 ----a-w C:\Windows\System32\DsrSleep.dll
2008-01-25 18:26 77,824 ----a-w C:\Windows\System32\oopmdisp.exe
2008-01-25 18:26 69,632 ----a-w C:\Windows\System32\oopmagentts.exe
2008-01-25 18:26 624,128 ----a-w C:\Windows\System32\PDFCreatorPilot2.dll
2008-01-25 18:26 31,232 ----a-w C:\Windows\System32\progress.exe
2008-01-25 18:26 26,112 ----a-w C:\Windows\System32\oopmpm.dll
2008-01-25 17:22 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-25 17:22 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-25 17:22 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-25 17:22 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-25 17:20 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-25 17:20 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-25 17:20 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-25 17:19 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-25 17:19 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-12-13 20:59 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]
2008-04-06 19:39 268288 --a------ C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-26 04:06 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
"pqdjplha"="C:\ProgramData\pqdjplha\ohutwpqr.exe" [2008-04-06 19:34 110592]
"tu27VcYbRl"="C:\ProgramData\cdgverkz\gxszifaz.exe" [ ]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
"yjdnwzsc"="C:\ProgramData\yjdnwzsc\bmdsbqry.exe" [2008-04-07 15:38 94208]
"rhtdinub"="C:\ProgramData\rhtdinub\clkfwzwd.exe" [2008-04-08 07:36 98304]
"vfjhccov"="C:\Windows\system32\exctqpwt.exe" [2008-04-08 23:49 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 21:53 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 07:33 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 07:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 01:06 106496]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-12-13 23:28 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-13 23:28 33136]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 20:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-01-25 20:41:32 713728]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-26 10:30:47 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tu27VcYbRl"= C:\ProgramData\cdgverkz\gxszifaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7EC199B4-2EE8-4E30-A06E-C24C15D751A9}"= Disabled:UDP:F:\setup\HPZNUI01.EXE:hpznui01.exe
"{79C21E11-96BF-4C34-8024-4FDBD8E51756}"= Disabled:TCP:F:\setup\HPZNUI01.EXE:hpznui01.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 08:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-02-20 08:47]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 09:09]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 21:33]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-08 12:11:07 C:\Windows\Tasks\User_Feed_Synchronization-{7414A2DD-83A3-4901-A13C-F2E3BD6F7A65}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:48:36
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-08 23:50:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 21:49:58
Pre-Run: 46,727,577,600 octets libres
Post-Run: 48,690,950,144 octets libres
.
2008-04-07 06:17:06 --- E O F ---


Does that tell you anything?
In any case, thanks for your help
See you
0
ep44 Posts 7432 Status Contributor 3
 
Do you know this:
C:\Program Files\Calendrier\Cld2000.exe

select this

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yjdnwzsc"=-
"rhtdinub"=-
"vfjhccov"=-
"pqdjplha"=-

File::
C:\ProgramData\rhtdinub
C:\ProgramData\rseqtjie
C:\ProgramData\yjdnwzsc
C:\ProgramData\pqdjplha
C:\ProgramData\cdgverkz



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked in the Format menu.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

also post a new HijackThis log

See you
1
Remy33 Posts 10 Status Member
 
Before doing this last step, I no longer had Internet windows opening, but I still had antivirus and anti-spyware alerts. So already a big thank you for the first part of the fix.
As for C:\Program Files\Calendrier\Cld2000.exe, it was a calendar program I had installed, but I no longer use it.
Here is what you asked for:

ComboFix 08-04-08.5 - Rémy 2008-04-09 13:36:57.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.918 [GMT 2:00]
Endroit: C:\Users\Rémy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Rémy\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 00:17 . 2008-04-09 00:17 118 --a------ C:\Windows\System32\MRT.INI
2008-04-09 00:10 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 00:10 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 00:10 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 00:10 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 00:10 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 00:10 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 00:10 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 00:10 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 00:10 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 07:36 . 2008-04-08 07:36 <REP> d-------- C:\ProgramData\rhtdinub
2008-04-07 16:29 . 2008-04-07 16:29 <REP> d-------- C:\Program Files\Trend Micro
2008-04-07 16:10 . 2008-04-07 16:10 <REP> d-------- C:\ProgramData\rseqtjie
2008-04-07 15:38 . 2008-04-07 15:38 <REP> d-------- C:\ProgramData\yjdnwzsc
2008-04-07 14:39 . 2008-04-08 23:31 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-07 14:39 . 2008-04-08 23:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 19:34 . 2008-04-06 19:34 <REP> d-------- C:\ProgramData\pqdjplha
2008-04-06 19:34 . 2008-04-08 23:48 <REP> d-------- C:\ProgramData\cdgverkz
2008-04-02 14:19 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-02 14:19 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-20 08:59 . 2008-03-20 15:02 <REP> d-------- C:\Users\Rémy\AppData\Roaming\Google
2008-03-19 11:51 . 2008-03-20 12:54 <REP> d-------- C:\Program Files\Google
2008-03-19 11:50 . 2008-03-19 11:51 <REP> d-------- C:\Program Files\Java
2008-03-19 11:49 . 2008-03-19 11:49 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-12 10:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 10:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-11 10:44 . 2008-03-11 10:45 <REP> d-------- C:\Program Files\KompoZer
2008-03-11 10:39 . 2008-03-11 10:39 <REP> d-------- C:\Users\Rémy\AppData\Roaming\KompoZer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 11:40 3,145,728 --sha-w C:\Users\Rémy\NTUSER.DAT
2008-04-09 11:40 3,145,728 --sha-w C:\Users\Rémy\NTUSER.DAT
2008-04-09 10:23 1,835,008 --sha-w C:\Users\Invité\NTUSER.DAT
2008-04-09 10:23 1,835,008 --sha-w C:\Users\Invité\NTUSER.DAT
2008-04-09 09:53 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 12:35 --------- d-----w C:\Users\Rémy\AppData\Roaming\Image Zone Express
2008-04-07 12:21 --------- d-s---w C:\Users\Rémy\AppData\Roaming\Microsoft
2008-04-07 06:10 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AVASTSS.scr
2008-03-20 13:02 --------- d-----w C:\Users\Rémy\AppData\Roaming\Google
2008-03-17 07:48 --------- d-----w C:\ProgramData\Symantec
2008-03-17 07:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-16 18:58 --------- d-----w C:\Program Files\Symantec
2008-03-11 08:46 --------- d-----w C:\Program Files\Nvu
2008-03-11 08:39 --------- d-----w C:\Users\Rémy\AppData\Roaming\KompoZer
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-02-23 16:13 --------- d-----w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\vlc
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 21:29 --------- d-s---w C:\Users\Invité\AppData\Roaming\Microsoft
2008-02-20 06:47 765,440 ----a-w C:\Windows\system32\drivers\athr.sys
2008-02-18 17:06 251,184 ----a-w C:\Users\Rémy\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-02-18 17:02 --------- d-----w C:\Users\Rémy\AppData\Roaming\OFFICEOne7
2008-02-15 14:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-15 14:32 --------- d-----w C:\Users\Rémy\AppData\Roaming\Calendrier Xtra
2008-02-14 10:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 10:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 09:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 09:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 09:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 09:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 09:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 09:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-12 09:11 --------- d-----w C:\Program Files\ASUS
2008-02-11 23:20 --------- d-----w C:\Users\Invité\AppData\Roaming\HP
2008-02-11 18:54 --------- d-----w C:\Users\Invité\AppData\Roaming\Adobe
2008-02-11 18:51 --------- d-----w C:\Users\Invité\AppData\Roaming\Talkback
2008-02-11 18:51 --------- d-----w C:\Users\Invité\AppData\Roaming\ATI
2008-02-11 18:50 --------- d-----w C:\Users\Invité\AppData\Roaming\OFFICE One v7
2008-02-11 18:50 --------- d-----w C:\Users\Invité\AppData\Roaming\Mozilla
2008-02-11 18:49 --------- d-----w C:\Users\Invité\AppData\Roaming\Macromedia
2008-02-11 18:49 --------- d-----w C:\Users\Invité\AppData\Roaming\Identities
2008-02-11 15:54 --------- d-----w C:\Users\Rémy\AppData\Roaming\Printer Info Cache
2008-02-03 20:08 252,344 ----a-w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-01-29 18:14 155,995 ----a-w C:\Windows\Java\Packages\BVDVHZLB.ZIP
2008-01-29 07:52 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-01-26 08:31 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8203.exe
2008-01-26 02:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-26 02:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-26 02:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-26 02:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-26 02:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-26 02:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-26 02:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-26 02:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-26 02:13 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-26 02:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-26 02:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-26 02:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-26 02:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-26 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-26 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-26 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-26 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-26 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-26 02:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-26 02:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-25 18:32 16,384 ----a-w C:\Windows\System32\DsrSleep.dll
2008-01-25 18:26 77,824 ----a-w C:\Windows\System32\oopmdisp.exe
2008-01-25 18:26 69,632 ----a-w C:\Windows\System32\oopmagentts.exe
2008-01-25 18:26 624,128 ----a-w C:\Windows\System32\PDFCreatorPilot2.dll
2008-01-25 18:26 31,232 ----a-w C:\Windows\System32\progress.exe
2008-01-25 18:26 26,112 ----a-w C:\Windows\System32\oopmpm.dll
2008-01-25 17:22 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-25 17:22 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-25 17:22 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-25 17:22 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-25 17:20 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-25 17:20 549,720 ----a-w C:\Windows\System32\wuapi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_23.49.23.66 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]
C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-26 04:06 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
"pqdjplha"="C:\ProgramData\pqdjplha\ohutwpqr.exe" [2008-04-06 19:34 110592]
"tu27VcYbRl"="C:\ProgramData\cdgverkz\gxszifaz.exe" [ ]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
"yjdnwzsc"="C:\ProgramData\yjdnwzsc\bmdsbqry.exe" [2008-04-07 15:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 21:53 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 07:33 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 07:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 01:06 106496]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-12-13 23:28 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-13 23:28 33136]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 20:10 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

C:\Users\R‚my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-12 22:38:32 299008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-01-25 20:41:32 713728]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-26 10:30:47 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tu27VcYbRl"= C:\ProgramData\cdgverkz\gxszifaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7EC199B4-2EE8-4E30-A06E-C24C15D751A9}"= Disabled:UDP:F:\setup\HPZNUI01.EXE:hpznui01.exe
"{79C21E11-96BF-4C34-8024-4FDBD8E51756}"= Disabled:TCP:F:\setup\HPZNUI01.EXE:hpznui01.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 08:00]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-02-20 08:47]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 09:09]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 21:33]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-08 12:11:07 C:\Windows\Tasks\User_Feed_Synchronization-{7414A2DD-83A3-4901-A13C-F2E3BD6F7A65}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 13:40:37
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-09 13:41:20
ComboFix-quarantined-files.txt 2008-04-09 11:41:15
ComboFix2.txt 2008-04-08 21:50:05
Pre-Run: 48,854,548,480 octets libres
Post-Run: 48,720,060,416 octets libres
.
2008-04-08 22:20:05 --- E O F ---
0
ep44 Posts 7432 Status Contributor 3
 
Good evening
your HijackThis log is not complete
you need to post it in full
See you
0
Remy33 Posts 10 Status Member
 
Here is the whole thing:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:26, on 07/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\ProgramData\pqdjplha\ohutwpqr.exe
C:\ProgramData\cdgverkz\gxszifaz.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
ep44 Posts 7432 Status Contributor 3
 
Hello, you must not have done the procedure correctly

did you really drag the CFScript.txt folder onto the ComboFix icon?
See you
0
Remy33 Posts 10 Status Member
 
Yes, I had done it and I did it again, but I don't get the choice between 1 and 2 as you told me; it starts and scans everything like the first time.
So what should I do?
0

ep44 Posts 7432 Status Contributor 3
 
OK, we'll go about it another way

run HijackThis again and check these
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
then click Fix checked

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

C:\ProgramData\rhtdinub
C:\ProgramData\rseqtjie
C:\ProgramData\yjdnwzsc
C:\ProgramData\pqdjplha
C:\ProgramData\cdgverkz

click MoveIt! to start the removal.
the result will appear in the Results pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal.
See you
0
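The entries ep44 asks to have checked above include autorun commands that load a DLL from the user's Temp directory through rundll32, and executables sitting in a folder directly under C:\ProgramData. As an added example (not part of the original thread, and not the helper's own method), this Python script parses HijackThis O4 lines and flags those two patterns; the two rules and every function name are assumptions chosen for illustration, and the sample lines are assembled from the logs on this page.

```python
import re
from typing import List, NamedTuple, Optional


class Autorun(NamedTuple):
    location: str   # registry hive and key, or startup folder kind
    name: str       # registry value name or shortcut name
    command: str    # command line exactly as logged


class Finding(NamedTuple):
    location: str
    name: str
    command: str
    reason: str


# Sample input assembled from O4 lines in the HijackThis logs on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
"""

# Registry autoruns: "O4 - <hive>\..\<key>: [<value name>] <command>"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts: "O4 - [Global ]Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)
# Command that starts with rundll32; group 1 is "<dll>,<entry point> ..."
RUNDLL32_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I
)
# Executable exactly one folder below ProgramData (heuristic, see lead-in)
PROGRAMDATA_EXE_RE = re.compile(
    r'^"?[a-z]:\\programdata\\[^\\"]+\\[^\\"]+\.exe\b', re.I
)


def parse_o4(log_text: str) -> List[Autorun]:
    """Extract every O4 (autostart) entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            location = m["hive"] + "\\" + m["key"]
            entries.append(Autorun(location, m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(m["key"], m["name"], m["cmd"]))
    return entries


def rundll32_target(command: str) -> Optional[str]:
    """Return the DLL a rundll32 command loads, or None for other commands."""
    m = RUNDLL32_RE.match(command)
    if not m:
        return None
    # The DLL path is everything before the last comma; the export follows it.
    return m.group(1).rsplit(",", 1)[0].strip().strip('"')


def classify(entry: Autorun) -> Optional[str]:
    """Return the reason an entry deserves review, or None if no rule fires."""
    dll = rundll32_target(entry.command)
    if dll is not None and "\\temp\\" in dll.lower():
        return "rundll32 loads a DLL from a Temp directory"
    if PROGRAMDATA_EXE_RE.match(entry.command):
        return "executable in a folder directly under ProgramData"
    return None


def flag_autoruns(log_text: str) -> List[Finding]:
    """Parse the log and return the entries matched by either rule."""
    findings = []
    for entry in parse_o4(log_text):
        reason = classify(entry)
        if reason:
            findings.append(Finding(*entry, reason))
    return findings


if __name__ == "__main__":
    for f in flag_autoruns(SAMPLE_LOG):
        print(f"{f.location} [{f.name}] {f.command}\n    -> {f.reason}")
```

A match is only a reason to look closer: legitimate software also starts from ProgramData, and the entries ep44 lists for Cld2000.exe and the MINEFI O16 line are not covered by either rule.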
Remy33 Posts 10 Status Member
 
Hi
Here it is:

C:\ProgramData\rhtdinub moved successfully.
C:\ProgramData\rseqtjie moved successfully.
C:\ProgramData\yjdnwzsc moved successfully.
C:\ProgramData\pqdjplha moved successfully.
C:\ProgramData\cdgverkz moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_211039

Does that mean it's fixed?
See you
0
ep44 Posts 7432 Status Contributor 3
 
no, not yet

run HijackThis again please
0
Remy33 Posts 10 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:44, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\yjdnwzsc\bmdsbqry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Poker\PokerFROnline\casino.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
ep44 Posts 7432 Status Contributor 3
 
you didn't check the boxes as I asked you to

so run HijackThis again and check these
O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
then click Fix checked

after that there is still one more thing
so repeat the procedure with OTMoveIt
but this time paste this
C:\ProgramData\yjdnwzsc\bmdsbqry.exe

and this one, C:\Poker\PokerFROnline\casino.exe
you installed that one yourself?
See you

0
Remy33 Posts 10 Status Member
 
Hi,
I did what you told me, but I only had 2 of the lines you gave me:

O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe

I ran HijackThis again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:22, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\palmOne\Palm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Poker\PokerFROnline\casino.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
ep44 Posts 7432 Status Contributor 3

OK, very good, that all looks alright

to finish up

* Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

=> Install it
=> Then go into Safe Mode

Restart the PC and tap the F8 key (or F5 on some machines) until the text with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name

=> Launch Malwarebytes
=> Tick "Executer un examen complet" (Perform full scan)
=> If an infection is found at the end of the scan, click "ok"
=> Click "Supprimer la sélection" (Remove selected)
=> To post the report, click the "Rapports/Logs" tab, select the one you want and click "Ouvrir" (Open)
=> Copy and paste it and post the report

--------------------------

then

* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you with it
https://www.malekal.com/tutoriel-ccleaner/

--------------------------

Then run an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
See you
0
Remy33 Posts 10 Status Member

Here is the Malwarebytes one:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 604

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137251
Temps écoulé: 22 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\cdgverkz\gxszifaz.exe.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\pqdjplha\ohutwpqr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\rseqtjie\dshsjitm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\yjdnwzsc\bmdsbqry.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

and for BitDefender:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Apr 10, 2008 - 07:48:49

--------------------------------------------------------------------------------

Scan Info

Scanned Files
237283

Infected Files
0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

This time it looks sorted!!!!
If so, thank you a thousand times for the guidance and the clear explanations.
It was really kind of you to take some of your time to help me; without it I couldn't have done anything
See you
0
ep44 Posts 7432 Status Contributor 3

Hello

if there are no more problems

You can remove all the software we used
go to Add/Remove Programs and into Program Files
to check

then do this (IMPORTANT)

=Start
=Control Panel
=System
=System Restore tab
=tick the box (Turn off System Restore)
=restart the computer
=then turn it back on

remember to mark your thread as resolved
if there are no more problems

See you
0
Remy33 Posts 10 Status Member

There, I've come full circle.
Thanks a lot once again.
See you
0
ep44 Posts 7432 Status Contributor 3

you're welcome ;-)

bye bye
0