Fenêtre internet s'affichet seules

Résolu
Remy33 Messages postés 10 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
J'ai un souci, des fenêtres internet et d fenêtres de détectionde spyware apparaissent tut le temps sur mon ordi.
En lisant les conseils surl forum, 'ai essayé d'utiliser Hijackthis et voilà le résultat:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

Merci pour votre aide, que puis-je faire?
Configuration: Windows Vista
Internet Explorer 7.0

12 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    bien infecté

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Vas dans "Démarrer" puis Panneau de configuration.
    - Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
    - Clique sur Continuer.
    - Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    - Valide par OK et redémarre.

    ensuite
    Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!
    => déconnecte toi d'internet et ferme toutes tes applications.
    => désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
    => Double-clic sur combofix,
    => Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    => Attends que combofix ait terminé, un rapport sera créé.
    => réactive ton parefeu, ton antivirus, la garde de ton antispyware
    => copie/colle le rapport C:\ComboFix.txt

    @+
    1
    1. Remy33 Messages postés 10 Statut Membre
       
      Salut
      Bon, j'ai fait ce que tu as dit et voilà le résultat:
      ComboFix 08-04-08.5 - Rémy 2008-04-08 23:35:09.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1062 [GMT 2:00]
      Endroit: C:\Users\Rémy\Desktop\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Users\Rémy\Desktopblackbird.jpg
      C:\Users\Rémy\DesktopEditorFKWP1.5.exe
      C:\Users\Rémy\DesktopEditorFKWP2.0.exe
      C:\Users\Rémy\Desktopfilemanagerclient.exe
      C:\Users\Rémy\Desktopfkwp1.5.exe
      C:\Users\Rémy\Desktopfkwp2.0.exe
      C:\Users\Rémy\Desktopfwebd.exe
      C:\Users\Rémy\DesktopFWebdEditor.exe
      C:\Users\Rémy\DesktopTrojan.Win32.BlackBird.exe
      C:\Users\Rémy\Desktopvirii

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 07:36 . 2008-04-08 07:36 <REP> d-------- C:\ProgramData\rhtdinub
      2008-04-07 16:29 . 2008-04-07 16:29 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-07 16:10 . 2008-04-07 16:10 <REP> d-------- C:\ProgramData\rseqtjie
      2008-04-07 15:38 . 2008-04-07 15:38 <REP> d-------- C:\ProgramData\yjdnwzsc
      2008-04-07 14:39 . 2008-04-08 23:31 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
      2008-04-07 14:39 . 2008-04-08 23:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-04-06 19:34 . 2008-04-06 19:34 <REP> d-------- C:\ProgramData\pqdjplha
      2008-04-06 19:34 . 2008-04-08 23:48 <REP> d-------- C:\ProgramData\cdgverkz
      2008-04-02 14:19 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-02 14:19 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-03-19 11:51 . 2008-03-20 12:54 <REP> d-------- C:\Program Files\Google
      2008-03-19 11:50 . 2008-03-19 11:51 <REP> d-------- C:\Program Files\Java
      2008-03-19 11:49 . 2008-03-19 11:49 <REP> d-------- C:\Program Files\Common Files\Java
      2008-03-12 10:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-12 10:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-11 10:44 . 2008-03-11 10:45 <REP> d-------- C:\Program Files\KompoZer

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-07 06:10 45,056 ----a-w C:\Windows\System32\acovcnt.exe
      2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
      2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
      2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
      2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AVASTSS.scr
      2008-03-17 07:48 --------- d-----w C:\ProgramData\Symantec
      2008-03-17 07:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-03-16 18:58 --------- d-----w C:\Program Files\Symantec
      2008-03-13 02:12 --------- d-----w C:\Program Files\Windows Mail
      2008-03-11 08:46 --------- d-----w C:\Program Files\Nvu
      2008-02-23 16:13 --------- d-----w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\vlc
      2008-02-20 06:47 765,440 ----a-w C:\Windows\system32\drivers\athr.sys
      2008-02-15 14:52 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-14 10:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 10:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 09:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 09:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 09:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 09:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 09:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 09:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 09:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 09:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 09:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 09:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 09:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 09:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 09:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 09:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 09:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 09:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 09:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 09:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 09:50 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 09:50 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-14 09:50 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 09:50 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-12 09:11 --------- d-----w C:\Program Files\ASUS
      2008-02-03 20:08 252,344 ----a-w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\GDIPFONTCACHEV1.DAT
      2008-01-29 18:14 155,995 ----a-w C:\Windows\Java\Packages\BVDVHZLB.ZIP
      2008-01-29 07:52 4,608 ----a-w C:\Windows\System32\w95inf32.dll
      2008-01-26 08:31 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8203.exe
      2008-01-26 02:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-26 02:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-26 02:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-26 02:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-26 02:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-26 02:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-26 02:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-26 02:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-26 02:13 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-26 02:13 2,028,544 ----a-w C:\Windows\System32\win32k.sys
      2008-01-26 02:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-26 02:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-26 02:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-26 02:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-26 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-26 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-26 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-26 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-26 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-26 02:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-26 02:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-25 18:32 16,384 ----a-w C:\Windows\System32\DsrSleep.dll
      2008-01-25 18:26 77,824 ----a-w C:\Windows\System32\oopmdisp.exe
      2008-01-25 18:26 69,632 ----a-w C:\Windows\System32\oopmagentts.exe
      2008-01-25 18:26 624,128 ----a-w C:\Windows\System32\PDFCreatorPilot2.dll
      2008-01-25 18:26 31,232 ----a-w C:\Windows\System32\progress.exe
      2008-01-25 18:26 26,112 ----a-w C:\Windows\System32\oopmpm.dll
      2008-01-25 17:22 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-25 17:22 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-25 17:22 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-25 17:22 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-25 17:20 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-25 17:20 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-25 17:20 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-25 17:19 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-25 17:19 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-12-13 20:59 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]
      2008-04-06 19:39 268288 --a------ C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-26 04:06 1232896]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
      "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
      "Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
      "pqdjplha"="C:\ProgramData\pqdjplha\ohutwpqr.exe" [2008-04-06 19:34 110592]
      "tu27VcYbRl"="C:\ProgramData\cdgverkz\gxszifaz.exe" [ ]
      "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
      "yjdnwzsc"="C:\ProgramData\yjdnwzsc\bmdsbqry.exe" [2008-04-07 15:38 94208]
      "rhtdinub"="C:\ProgramData\rhtdinub\clkfwzwd.exe" [2008-04-08 07:36 98304]
      "vfjhccov"="C:\Windows\system32\exctqpwt.exe" [2008-04-08 23:49 94208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 21:53 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 07:33 630784]
      "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 07:27 815104]
      "ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 01:06 106496]
      "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-12-13 23:28 37232]
      "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-13 23:28 33136]
      "PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 20:10 778240]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
      OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-01-25 20:41:32 713728]
      PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-26 10:30:47 2641920]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "tu27VcYbRl"= C:\ProgramData\cdgverkz\gxszifaz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{7EC199B4-2EE8-4E30-A06E-C24C15D751A9}"= Disabled:UDP:F:\setup\HPZNUI01.EXE:hpznui01.exe
      "{79C21E11-96BF-4C34-8024-4FDBD8E51756}"= Disabled:TCP:F:\setup\HPZNUI01.EXE:hpznui01.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
      R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
      R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 08:00]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-02-20 08:47]
      R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 09:09]
      R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]
      R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]
      S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 21:33]
      S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      HPService REG_MULTI_SZ HPSLPSVC
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
      msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-04-08 12:11:07 C:\Windows\Tasks\User_Feed_Synchronization-{7414A2DD-83A3-4901-A13C-F2E3BD6F7A65}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 23:48:36
      Windows 6.0.6000 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\ASUS\ASUS Live Update\ALU.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\ATK Hotkey\Hcontrol.exe
      C:\Program Files\ATKOSD2\ATKOSD2.exe
      C:\Program Files\Wireless Console 2\wcourier.exe
      C:\Program Files\P4G\BatteryLife.exe
      C:\Program Files\ATK Hotkey\ATKOSD.exe
      C:\Windows\system32\wermgr.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\system32\DllHost.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 23:50:04 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-08 21:49:58
      Pre-Run: 46,727,577,600 octets libres
      Post-Run: 48,690,950,144 octets libres
      .
      2008-04-07 06:17:06 --- E O F ---


      Ca te parle?
      En tout cas merci pour ton aide
      @+
      0
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Connais tu ceci
    C:\Program Files\Calendrier\Cld2000.exe

    selectionne ceci

    registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "yjdnwzsc"=-
    "rhtdinub"=-
    "vfjhccov"=-
    "pqdjplha"=-

    File::
    C:\ProgramData\rhtdinub
    C:\ProgramData\rseqtjie
    C:\ProgramData\yjdnwzsc
    C:\ProgramData\pqdjplha
    C:\ProgramData\cdgverkz



    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    reposte aussi un nouveau hijack

    @+
    1
    1. Remy33 Messages postés 10 Statut Membre
       
      Avant de faire cette dernière action, je n'avais plus de fenetre internet qui s'ouvraient, mais toujours des alertes antivirus et anti spyware. Donc déjà un grand merci pour la première partie de la résolution.
      Pour C:\Program Files\Calendrier\Cld2000.exe, c'était un agenda que j'avais installé, mais je ne l'utilise plus.
      Voici ce que tu m'as demandé:

      ComboFix 08-04-08.5 - Rémy 2008-04-09 13:36:57.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.918 [GMT 2:00]
      Endroit: C:\Users\Rémy\Desktop\ComboFix.exe
      Command switches used :: C:\Users\R‚my\Desktop\CFScript.txt
      * Création d'un nouveau point de restauration
      .
      TimedOut: progfile.dat

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-09 00:17 . 2008-04-09 00:17 118 --a------ C:\Windows\System32\MRT.INI
      2008-04-09 00:10 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
      2008-04-09 00:10 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
      2008-04-09 00:10 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
      2008-04-09 00:10 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
      2008-04-09 00:10 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
      2008-04-09 00:10 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
      2008-04-09 00:10 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
      2008-04-09 00:10 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
      2008-04-09 00:10 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
      2008-04-08 07:36 . 2008-04-08 07:36 <REP> d-------- C:\ProgramData\rhtdinub
      2008-04-07 16:29 . 2008-04-07 16:29 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-07 16:10 . 2008-04-07 16:10 <REP> d-------- C:\ProgramData\rseqtjie
      2008-04-07 15:38 . 2008-04-07 15:38 <REP> d-------- C:\ProgramData\yjdnwzsc
      2008-04-07 14:39 . 2008-04-08 23:31 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
      2008-04-07 14:39 . 2008-04-08 23:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-04-06 19:34 . 2008-04-06 19:34 <REP> d-------- C:\ProgramData\pqdjplha
      2008-04-06 19:34 . 2008-04-08 23:48 <REP> d-------- C:\ProgramData\cdgverkz
      2008-04-02 14:19 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-02 14:19 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-03-20 08:59 . 2008-03-20 15:02 <REP> d-------- C:\Users\Rémy\AppData\Roaming\Google
      2008-03-19 11:51 . 2008-03-20 12:54 <REP> d-------- C:\Program Files\Google
      2008-03-19 11:50 . 2008-03-19 11:51 <REP> d-------- C:\Program Files\Java
      2008-03-19 11:49 . 2008-03-19 11:49 <REP> d-------- C:\Program Files\Common Files\Java
      2008-03-12 10:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-12 10:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-11 10:44 . 2008-03-11 10:45 <REP> d-------- C:\Program Files\KompoZer
      2008-03-11 10:39 . 2008-03-11 10:39 <REP> d-------- C:\Users\Rémy\AppData\Roaming\KompoZer

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-09 11:40 3,145,728 --sha-w C:\Users\Rémy\NTUSER.DAT
      2008-04-09 11:40 3,145,728 --sha-w C:\Users\Rémy\NTUSER.DAT
      2008-04-09 10:23 1,835,008 --sha-w C:\Users\Invité\NTUSER.DAT
      2008-04-09 10:23 1,835,008 --sha-w C:\Users\Invité\NTUSER.DAT
      2008-04-09 09:53 --------- d-----w C:\Program Files\Windows Mail
      2008-04-08 12:35 --------- d-----w C:\Users\Rémy\AppData\Roaming\Image Zone Express
      2008-04-07 12:21 --------- d-s---w C:\Users\Rémy\AppData\Roaming\Microsoft
      2008-04-07 06:10 45,056 ----a-w C:\Windows\System32\acovcnt.exe
      2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
      2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
      2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
      2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AVASTSS.scr
      2008-03-20 13:02 --------- d-----w C:\Users\Rémy\AppData\Roaming\Google
      2008-03-17 07:48 --------- d-----w C:\ProgramData\Symantec
      2008-03-17 07:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-03-16 18:58 --------- d-----w C:\Program Files\Symantec
      2008-03-11 08:46 --------- d-----w C:\Program Files\Nvu
      2008-03-11 08:39 --------- d-----w C:\Users\Rémy\AppData\Roaming\KompoZer
      2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
      2008-02-23 16:13 --------- d-----w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\vlc
      2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
      2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-20 21:29 --------- d-s---w C:\Users\Invité\AppData\Roaming\Microsoft
      2008-02-20 06:47 765,440 ----a-w C:\Windows\system32\drivers\athr.sys
      2008-02-18 17:06 251,184 ----a-w C:\Users\Rémy\AppData\Roaming\GDIPFONTCACHEV1.DAT
      2008-02-18 17:02 --------- d-----w C:\Users\Rémy\AppData\Roaming\OFFICEOne7
      2008-02-15 14:52 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-15 14:32 --------- d-----w C:\Users\Rémy\AppData\Roaming\Calendrier Xtra
      2008-02-14 10:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 10:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 09:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 09:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 09:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 09:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 09:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 09:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 09:55 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 09:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 09:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 09:54 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 09:54 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 09:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 09:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 09:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 09:54 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 09:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 09:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 09:54 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-12 09:11 --------- d-----w C:\Program Files\ASUS
      2008-02-11 23:20 --------- d-----w C:\Users\Invité\AppData\Roaming\HP
      2008-02-11 18:54 --------- d-----w C:\Users\Invité\AppData\Roaming\Adobe
      2008-02-11 18:51 --------- d-----w C:\Users\Invité\AppData\Roaming\Talkback
      2008-02-11 18:51 --------- d-----w C:\Users\Invité\AppData\Roaming\ATI
      2008-02-11 18:50 --------- d-----w C:\Users\Invité\AppData\Roaming\OFFICE One v7
      2008-02-11 18:50 --------- d-----w C:\Users\Invité\AppData\Roaming\Mozilla
      2008-02-11 18:49 --------- d-----w C:\Users\Invité\AppData\Roaming\Macromedia
      2008-02-11 18:49 --------- d-----w C:\Users\Invité\AppData\Roaming\Identities
      2008-02-11 15:54 --------- d-----w C:\Users\Rémy\AppData\Roaming\Printer Info Cache
      2008-02-03 20:08 252,344 ----a-w C:\Users\PERSO.PC-de-IC2E\AppData\Roaming\GDIPFONTCACHEV1.DAT
      2008-01-29 18:14 155,995 ----a-w C:\Windows\Java\Packages\BVDVHZLB.ZIP
      2008-01-29 07:52 4,608 ----a-w C:\Windows\System32\w95inf32.dll
      2008-01-26 08:31 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8203.exe
      2008-01-26 02:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-26 02:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-26 02:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-26 02:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-26 02:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-26 02:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-26 02:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-26 02:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-26 02:13 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-26 02:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-26 02:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-26 02:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-26 02:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-26 02:09 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-26 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-26 02:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-26 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-26 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-26 02:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-26 02:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-26 02:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-25 18:32 16,384 ----a-w C:\Windows\System32\DsrSleep.dll
      2008-01-25 18:26 77,824 ----a-w C:\Windows\System32\oopmdisp.exe
      2008-01-25 18:26 69,632 ----a-w C:\Windows\System32\oopmagentts.exe
      2008-01-25 18:26 624,128 ----a-w C:\Windows\System32\PDFCreatorPilot2.dll
      2008-01-25 18:26 31,232 ----a-w C:\Windows\System32\progress.exe
      2008-01-25 18:26 26,112 ----a-w C:\Windows\System32\oopmpm.dll
      2008-01-25 17:22 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-25 17:22 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-25 17:22 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-25 17:22 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-25 17:20 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-25 17:20 549,720 ----a-w C:\Windows\System32\wuapi.dll
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-08_23.49.23.66 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-08 21:40:11 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-09 09:55:11 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-09 11:36:45 6,193,152 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
      - 2008-03-13 02:12:09 665,600 ----a-w C:\Windows\inf\drvindex.dat
      + 2008-04-09 09:52:42 665,600 ----a-w C:\Windows\inf\drvindex.dat
      - 2008-03-13 02:12:11 51,200 ----a-w C:\Windows\inf\infpub.dat
      + 2008-04-09 09:53:05 51,200 ----a-w C:\Windows\inf\infpub.dat
      - 2008-03-13 02:12:08 86,016 ----a-w C:\Windows\inf\infstor.dat
      + 2008-04-09 09:53:05 86,016 ----a-w C:\Windows\inf\infstor.dat
      - 2008-03-13 02:12:08 86,016 ----a-w C:\Windows\inf\infstrng.dat
      + 2008-04-09 09:52:43 86,016 ----a-w C:\Windows\inf\infstrng.dat
      - 2008-04-08 21:41:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-09 11:10:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 21:48:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-09 09:56:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      - 2008-04-08 21:43:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-09 11:36:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 21:48:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-09 10:06:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-09 10:06:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-02-14 09:50:31 124,928 ----a-w C:\Windows\System32\advpack.dll
      + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\System32\advpack.dll
      - 2008-04-08 21:46:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-09 11:31:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-08 21:46:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-09 11:31:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-08 21:46:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-09 11:31:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll
      + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll
      - 2006-11-02 09:45:02 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
      + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
      - 2006-11-02 09:46:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
      + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
      - 2008-02-14 09:50:22 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
      + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
      - 2008-02-14 09:50:23 214,528 ----a-w C:\Windows\System32\dxtrans.dll
      + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll
      - 2008-02-16 15:57:32 709,584 ----a-w C:\Windows\System32\FNTCACHE.DAT
      + 2008-04-09 09:54:37 709,584 ----a-w C:\Windows\System32\FNTCACHE.DAT
      - 2008-02-14 09:50:20 63,488 ----a-w C:\Windows\System32\icardie.dll
      + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\System32\icardie.dll
      - 2008-02-14 09:50:13 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
      + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
      - 2008-02-14 09:50:25 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
      + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
      - 2008-02-14 09:50:58 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
      + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
      - 2008-02-14 09:50:12 44,544 ----a-w C:\Windows\System32\iernonce.dll
      + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\System32\iernonce.dll
      - 2008-02-14 09:51:00 180,736 ----a-w C:\Windows\System32\ieui.dll
      + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\System32\ieui.dll
      - 2008-02-14 09:50:31 27,648 ----a-w C:\Windows\System32\jsproxy.dll
      + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll
      - 2008-02-14 09:50:31 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
      + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
      - 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
      + 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
      - 2008-02-14 09:50:45 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
      + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
      - 2008-02-14 09:50:48 478,208 ----a-w C:\Windows\System32\mshtmled.dll
      + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll
      - 2008-02-14 09:50:20 671,232 ----a-w C:\Windows\System32\mstime.dll
      + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll
      - 2008-04-08 21:45:32 103,924 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-09 10:00:04 103,924 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-08 21:45:32 117,572 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-09 10:00:04 117,572 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-08 21:45:32 610,142 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-09 10:00:04 610,142 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-08 21:45:32 690,832 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-09 10:00:04 690,832 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-02-14 09:50:32 44,544 ----a-w C:\Windows\System32\pngfilt.dll
      + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll
      - 2008-03-13 19:38:27 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
      + 2008-04-09 09:56:31 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
      - 2008-02-14 09:50:30 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
      + 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
      - 2008-04-08 21:13:24 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-458277762-2666843864-592232392-1000_UserData.bin
      + 2008-04-09 10:04:29 9,062 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-458277762-2666843864-592232392-1000_UserData.bin
      - 2008-04-08 21:13:24 70,068 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-09 10:04:26 70,170 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-08 21:13:21 43,044 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-09 10:04:23 43,592 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      - 2008-03-13 02:12:22 1,479,652 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
      + 2008-04-08 22:19:23 29,319,882 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
      + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll
      + 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll
      + 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
      + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
      + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
      + 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
      + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
      + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
      + 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
      + 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
      + 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
      + 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
      + 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
      + 2008-02-14 10:00:07 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe
      + 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
      + 2008-02-14 10:00:06 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe
      + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
      + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
      + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
      + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
      + 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
      + 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
      + 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
      + 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
      + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
      + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
      + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
      + 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
      + 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
      + 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
      + 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
      + 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
      + 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
      + 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
      + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
      + 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
      + 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
      + 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
      + 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
      + 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
      + 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
      + 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
      + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
      + 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
      + 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
      + 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
      + 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
      + 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
      + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
      + 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
      + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
      + 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
      + 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
      + 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
      + 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
      + 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
      + 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
      + 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
      + 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
      + 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
      + 2007-12-13 20:21:38 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
      + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
      + 2007-12-13 20:21:38 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
      + 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
      + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
      + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
      + 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
      + 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
      + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
      + 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
      + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
      + 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
      + 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
      + 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
      + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
      + 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
      + 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
      + 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
      + 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
      + 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
      + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
      + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
      + 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
      + 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
      + 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
      + 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
      + 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
      + 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
      + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
      + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
      + 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
      + 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
      + 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
      + 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
      + 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
      + 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
      + 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat
      + 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat
      + 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat
      + 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat
      + 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
      + 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
      + 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
      + 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
      + 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
      + 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
      + 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
      + 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
      + 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
      + 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
      + 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
      + 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
      + 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
      + 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
      + 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
      + 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
      + 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
      + 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
      + 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
      + 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D96F3DB-70F6-46F7-BE01-09D946AFCF5F}]
      C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-26 04:06 1232896]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35 90112]
      "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]
      "Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [ ]
      "pqdjplha"="C:\ProgramData\pqdjplha\ohutwpqr.exe" [2008-04-06 19:34 110592]
      "tu27VcYbRl"="C:\ProgramData\cdgverkz\gxszifaz.exe" [ ]
      "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
      "yjdnwzsc"="C:\ProgramData\yjdnwzsc\bmdsbqry.exe" [2008-04-07 15:38 94208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 21:53 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 07:33 630784]
      "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 07:27 815104]
      "ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 01:06 106496]
      "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-12-13 23:28 37232]
      "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-12-13 23:28 33136]
      "PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 20:10 778240]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

      C:\Users\R‚my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-12 22:38:32 299008]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
      OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-01-25 20:41:32 713728]
      PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-26 10:30:47 2641920]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "tu27VcYbRl"= C:\ProgramData\cdgverkz\gxszifaz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{7EC199B4-2EE8-4E30-A06E-C24C15D751A9}"= Disabled:UDP:F:\setup\HPZNUI01.EXE:hpznui01.exe
      "{79C21E11-96BF-4C34-8024-4FDBD8E51756}"= Disabled:TCP:F:\setup\HPZNUI01.EXE:hpznui01.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
      R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
      R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\l260x86.sys [2007-08-17 08:00]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-02-20 08:47]
      R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 09:09]
      R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 04:18]
      R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]
      S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 21:33]
      S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      HPService REG_MULTI_SZ HPSLPSVC
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      *Newly Created Service* - CATCHME

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
      msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-08 12:11:07 C:\Windows\Tasks\User_Feed_Synchronization-{7414A2DD-83A3-4901-A13C-F2E3BD6F7A65}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-09 13:40:37
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-09 13:41:20
      ComboFix-quarantined-files.txt 2008-04-09 11:41:15
      ComboFix2.txt 2008-04-08 21:50:05
      Pre-Run: 48,854,548,480 octets libres
      Post-Run: 48,720,060,416 octets libres
      .
      2008-04-08 22:20:05 --- E O F ---
      0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir
    ton hijack n'est pas complet
    il faut le poster en entier
    @+
    0
    1. Remy33 Messages postés 10 Statut Membre
       
      Voici le tout:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:23:26, on 07/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\ASUS\ASUS Live Update\ALU.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\ASUS\ATK Media\DMedia.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\ASUSTPE.exe
      C:\Windows\ASScrPro.exe
      C:\Program Files\PowerForPhone\PowerForPhone.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\ProgramData\pqdjplha\ohutwpqr.exe
      C:\ProgramData\cdgverkz\gxszifaz.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PDFCreator\PDFCreator.exe
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\Explorer.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
      O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
      O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
      O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
      O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
      O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
      O4 - HKCU\..\Run: [b072763e] rundll32.exe "C:\Users\RMY~1\AppData\Local\Temp\nkuhmqgm.dll",b
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: OFFICE One Startup v7.lnk = ?
      O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
      O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
      0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour tu n'as pas du faire correctement la manip

    as tu bien fait glisser le dossier CFScript.txt sur l'icone de combofix ?
    @+
    0
    1. Remy33 Messages postés 10 Statut Membre
       
      Oui, je l'avais bien fait et je l'ai refais, mais je n'est pas le choix entre 1 et 2 comme tu m'as dit, il se lance et analyse tout comme la première fois.
      Que dois-je faire alors?
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    bon on procéde autrement

    relance hijack et coche ceci
    O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\mlJCRJcb.dll,#1
    O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
    O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll,c
    O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    ensuite clique sur fix checked

    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\ProgramData\rhtdinub
    C:\ProgramData\rseqtjie
    C:\ProgramData\yjdnwzsc
    C:\ProgramData\pqdjplha
    C:\ProgramData\cdgverkz

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\\\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
    @+
    0
    1. Remy33 Messages postés 10 Statut Membre
       
      Salut
      Voici:

      C:\ProgramData\rhtdinub moved successfully.
      C:\ProgramData\rseqtjie moved successfully.
      C:\ProgramData\yjdnwzsc moved successfully.
      C:\ProgramData\pqdjplha moved successfully.
      C:\ProgramData\cdgverkz moved successfully.

      OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_211039

      Ca veux dire que c'est règlé?
      @+
      0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    non pas encore

    refais un hijack stp
    0
    1. Remy33 Messages postés 10 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:04:44, on 09/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16643)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\ASUS\ASUS Live Update\ALU.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\ASUS\ATK Media\DMedia.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\ASUSTPE.exe
      C:\Windows\ASScrPro.exe
      C:\Program Files\PowerForPhone\PowerForPhone.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\ProgramData\yjdnwzsc\bmdsbqry.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PDFCreator\PDFCreator.exe
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\palmOne\Palm.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
      C:\Windows\MSAgent\agentsvr.exe
      C:\Windows\system32\conime.exe
      C:\Windows\Explorer.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Poker\PokerFROnline\casino.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
      O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
      O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
      O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
      O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
      O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: OFFICE One Startup v7.lnk = ?
      O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
      O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
      0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    tu n'as pas coché les cases comme je t'avais demandé

    donc relance hijack et coche ceci
    O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
    O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [pqdjplha] C:\ProgramData\pqdjplha\ohutwpqr.exe
    O4 - HKCU\..\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
    O4 - HKCU\..\Run: [yjdnwzsc] C:\ProgramData\yjdnwzsc\bmdsbqry.exe
    O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    ensuite clique sur fix checked

    ensuite il reste encore une chose
    donc refais la manip avec OTMoveIt
    mais cette fois-ci tu colle ceci
    C:\ProgramData\yjdnwzsc\bmdsbqry.exe

    et ceci C:\Poker\PokerFROnline\casino.exe
    tu l'as mis toi même
    @+

    0
    1. Remy33 Messages postés 10 Statut Membre
       
      Salut,
      J'ai fait ce que tu m'as dit mais j'avais que 2 lignes parmi celles que tu m'as données:

      O2 - BHO: (no name) - {1D96F3DB-70F6-46F7-BE01-09D946AFCF5F} - C:\Users\RMY~1\AppData\Local\Temp\cBsrsQIA.dll (file missing)
      O4 - HKLM\..\Policies\Explorer\Run: [tu27VcYbRl] C:\ProgramData\cdgverkz\gxszifaz.exe

      J'ai refais un Hijack:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:34:22, on 09/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16643)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\ASUS\ASUS Live Update\ALU.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\ASUS\ATK Media\DMedia.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\ASUSTPE.exe
      C:\Windows\ASScrPro.exe
      C:\Program Files\PowerForPhone\PowerForPhone.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PDFCreator\PDFCreator.exe
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\palmOne\Palm.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Windows\system32\conime.exe
      C:\Windows\Explorer.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Poker\PokerFROnline\casino.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
      O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
      O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
      O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: OFFICE One Startup v7.lnk = ?
      O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1205920197_f4587d0d24ce749ef333353feef99e62&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
      O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
      0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    bon très bien ça à l'air pas tout ça

    pour finir

    * Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    --------------------------

    ensuite

    * Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    https://www.malekal.com/tutoriel-ccleaner/

    --------------------------

    Ensuite fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    @+
    0
  10. Remy33 Messages postés 10 Statut Membre
     
    Voici pour malwarebytes:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 604

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 137251
    Temps écoulé: 22 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\cdgverkz\gxszifaz.exe.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\pqdjplha\ohutwpqr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\rseqtjie\dshsjitm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04092008_211039\ProgramData\yjdnwzsc\bmdsbqry.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    et pour bitdefender:

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Thu, Apr 10, 2008 - 07:48:49

    --------------------------------------------------------------------------------

    Scan Info

    Scanned Files
    237283

    Infected Files
    0

    Virus Detected

    No virus found.

    --------------------------------------------------------------------------------

    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

    Cette fois ca à l'air réglé!!!!
    Si c'est le cas, je te remercie mille fois pour ce guidage et ces expications claires.
    C'est vraiment sympa d'avoir pris un peu de ton temps pour m'aider, sans je n'aurai rien pu faire
    @+
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    si plus de soucis

    Tu peux supprimer tous les logiciels que nous avons utilisés
    va dans ajout/suppression de programes et dans programmes files
    pour vérifier

    ensuite fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite

    pense à marquer ton sujet en résolu
    si plus de soucis

    @+
    0
  12. Remy33 Messages postés 10 Statut Membre
     
    Voilà j'ai bouclé la boucle.
    Encore un grand merci.
    @+
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    de rien ;-)

    bye bye
    0