Virus Win32-adware-gen

Doudou62 Messages postés 1 Date d'inscription   Statut Membre -  
 Doudou62 -
Salut à tous,
Je vous expose mon problème, j'ai choppé un virus de m... son nom Win32 Adware-gen, je vous demande humblement votre aide. En regardant sur le forum, je vois que la majorité des personnes poste de le rapport de HijackThis alors je vais faire de même.J'ai essayé plusieur possibilité pour le supprimer mais il reviens toujours au démarrage alors la je sèche.

Merci d'avance de votre aides

CI-DESSOUS LE RAPPORT
Logfile of HijackThis v1.99.1
Scan saved at 13:15:15, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\DelFax\WFXMOD32.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\windows\system32\kpwnw64r.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kpwnw64r.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Merci d'avance
Configuration: Windows XP
Firefox 2.0.0.13

15 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\windows\system32\kpwnw64r.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _____________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
    1. Doudou62
       
      Salut JlpJlp,
      D'abord un grand merci pour prendre du temps pour résoudre mon problème, j'apprécie fortement.

      Comme demandé j'ai exécuter les différentes tâches que tu m'a conseillées , ci-dessous je te poste les 2 rapports.

      1)OTVmov

      C:\windows\system32\kpwnw64r.exe moved successfully.

      OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_065622

      2)Combofix

      ComboFix 08-04-08.7 - Didier 2008-04-09 7:11:44.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.490 [GMT 2:00]
      Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .
      TimedOut: progfile.dat

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
      C:\WINDOWS\system32\msnav32.ax

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-09 07:05 . 2008-04-09 07:05 49,228 --a------ C:\WINDOWS\system32\kpwnw64r.exe
      2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
      2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
      2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
      2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
      2008-04-08 11:41 . 2008-04-08 11:41 49,215 --a------ C:\WINDOWS\system32\rwwnw64d.exe
      2008-04-08 10:53 . 2008-04-08 08:57 141,525 --a------ C:\Capture01.jpg
      2008-04-08 07:34 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
      2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
      2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
      2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-04-04 10:56 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-04 10:56 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-04-01 07:54 . 2008-04-01 07:54 712,841 --a------ C:\Test aptitude.JPG
      2008-03-29 03:09 . 2008-04-03 18:47 934 --a------ C:\WINDOWS\system32\winpfz33.sys
      2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
      2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
      2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
      2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
      2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
      2008-03-27 08:32 . 2008-03-27 08:32 49,185 --a------ C:\WINDOWS\system32\kownw64r.exe
      2008-03-26 16:50 . 2008-03-15 00:56 <REP> d-------- C:\Okoker.AVI.to.DVD.VCD.DIVX.MPEG.Converter&Burner.v4.9.Cracked-AHCU
      2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
      2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
      2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
      2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
      2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
      2008-03-18 11:56 . 2008-03-18 12:52 5,105 --a------ C:\Abieniste mail .htm
      2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
      2008-03-18 10:13 . 2008-03-18 10:34 970,016 --a------ C:\Maison Sécurité Froid.dwg
      2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
      2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
      2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
      2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
      2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
      2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
      2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
      2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
      2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
      2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
      2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
      2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
      2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
      2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
      2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
      2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
      2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
      2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
      2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
      2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
      2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
      2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
      2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
      2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
      2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
      2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
      2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
      2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
      2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
      2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
      2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
      2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
      2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
      2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
      2008-02-15 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
      2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
      2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
      2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
      2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
      2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
      2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
      @={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

      [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
      2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
      "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
      "c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
      "SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
      "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
      "WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
      "WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
      "Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
      "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
      "{D1-18-80-0E-DW}"="c:\windows\system32\kpwnw64r.exe" [2008-04-09 07:05 49228]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
      Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
      avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
      "msacm.l3codecp"=
      "VIDC.ACDV"= ACDV.dll

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
      "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
      "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
      "PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
      "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
      "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
      "Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
      "LaunchApp"=Alaunch
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
      "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
      "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      "Device Detector"=DevDetect.exe -autorun
      "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
      "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
      "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
      "SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
      "NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
      "C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
      "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Shareaza\\Shareaza.exe"=
      "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\WINDOWS\\system32\\mmc.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "C:\\Program Files\\Spamihilator\\dccproc.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

      R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
      R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
      R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
      R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
      S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
      S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      *Newly Created Service* - CATCHME

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-04-09 05:04:10 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-09 07:15:02
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-09 7:15:43
      ComboFix-quarantined-files.txt 2008-04-09 05:15:38
      Pre-Run: 7,069,347,840 octets libres
      Post-Run: 7,062,183,936 octets libres
      .
      2008-03-13 02:01:34 --- E O F ---

      Franchement je ne comprend pas grand chose à tout cela , mais je te fait confiance.

      Salutations et merci encore
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ce fichier sur virus total et si infécté tu le vire: https://www.virustotal.com/gui/

    C:\Okoker.AVI.to.DVD.VCD.DIVX.MPEG.Converter&Burner.v4.9.Crack­ed-AHCU

    ____

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    scan en ligne firefox

    https://www.trendmicro.com/fr_fr/business.html

    Panda en ligne :
    http://pandasoftware.fr

    ________________
    puis

    colle un rapport hijackthis et dis tes soucis actuels
    0
  3. Doudou62
     
    Salut à toi JlpJlp,
    En fait le fichier que tu m'a demandé d'analyser est un répertoire, mais j'ai quand même analyser les fichiers qui s'y trouvais mais sans résultat et en plus après çà j'ai supprimer le répertoire qui me servais à rien.
    Ci dessous les 2 rapport d'analyse.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-04-10 10:22:18
    PROTECTIONS: 1
    MALWARE: 4
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Avira AntiVir PersonalEdition 7.0.3.136
    Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Didier\Cookies\didier@xiti[1].txt
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
    01192683 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP514\A0064328.exe
    02906128 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP514\A0064321.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location =
    ;===================================================================================================================================================================================
    Yes C:\WINDOWS\system32\rcntqldn.exe =
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description =
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    Logfile of HijackThis v1.99.1
    Scan saved at 10:37:15, on 10.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cobian Backup 8\cbService.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\DelFax\WFXMOD32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\DelFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\windows\system32\kpwnw64r.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DeTeWe\OpenCTI.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\DelFax\WFXCTL32.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\system32\rcntqldn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
    O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntqldn.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kpwnw64r.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    Voila c'est fait... dis moi ce que tu pense, merci d'avance

    Salutations
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\rcntqldn.exe
    C:\WINDOWS\system32\kpwnw64r.exe
    C:\WINDOWS\system32\rwwnw64d.exe

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­ntifiers\NBHShellExt]
    @={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
    "{D1-18-80-0E-DW}"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Doudou62
     
    Salut à toi JlpJlp, quel patience...j'ai fait mes devoirs et je te poste ci-dessous les 2 rapports.

    Merci encore.

    ComboFix 08-04-08.7 - Didier 2008-04-10 13:24:32.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.490 [GMT 2:00]
    Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
    Command switches used :: C:\Documents and Settings\Didier\Bureau\CFscript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\kpwnw64r.exe
    C:\WINDOWS\system32\rcntqldn.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\WINDOWS\system32\kpwnw64r.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\rcntqldn.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\zxdnt3d.cfg

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-10 12:50 . 2008-04-10 12:50 100,469,258 --a------ C:\SAUVEGARDE REGISTRE LE 10-4-2008.reg
    2008-04-10 07:40 . 2008-04-10 07:42 <REP> d-------- C:\Program Files\Panda Security
    2008-04-10 03:00 . 2008-04-10 03:03 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-09 13:26 . 2008-04-09 13:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-09 13:25 . 2008-04-09 13:34 <REP> d-------- C:\Documents and Settings\Didier\.housecall6.6
    2008-04-09 12:09 . 2008-04-09 12:09 361,429 --a------ C:\Img005.jpg
    2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Program Files\Avira
    2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-09 07:34 . 2008-04-10 13:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-09 07:34 . 2008-04-09 07:34 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
    2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
    2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-04-08 10:53 . 2008-04-08 08:57 141,525 --a------ C:\Capture01.jpg
    2008-04-08 07:34 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
    2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-01 07:54 . 2008-04-01 07:54 712,841 --a------ C:\Test aptitude.JPG
    2008-03-29 03:09 . 2008-04-10 06:49 933 --a------ C:\WINDOWS\system32\winpfz33.sys
    2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
    2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-03-27 08:32 . 2008-03-27 08:32 49,185 --a------ C:\WINDOWS\system32\kownw64r.exe
    2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
    2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
    2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
    2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
    2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
    2008-03-18 11:56 . 2008-03-18 12:52 5,105 --a------ C:\Abieniste mail .htm
    2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
    2008-03-18 10:13 . 2008-03-18 10:34 970,016 --a------ C:\Maison Sécurité Froid.dwg
    2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
    2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
    2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
    2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
    2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
    2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
    2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
    2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
    2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
    2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
    2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
    2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
    2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
    2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
    2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
    2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
    2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
    2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
    2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
    2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
    2008-02-15 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
    2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
    2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
    2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
    2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
    2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
    2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-09_ 7.15.21.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
    + 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
    + 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
    + 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
    + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
    + 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
    + 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
    + 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
    + 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
    + 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
    + 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
    + 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
    + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
    + 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
    + 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
    + 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
    + 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
    + 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
    + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
    + 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    + 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
    + 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
    + 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
    + 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
    + 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
    + 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
    + 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
    + 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
    + 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
    + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
    + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
    + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
    + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    - 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-04-09 07:41:55 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-03-03 08:09:08 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-04-10 01:10:53 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2008-03-31 05:03:31 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-10 11:09:20 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-31 05:03:31 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-10 11:09:20 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-31 05:03:31 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-10 11:09:20 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-31 05:03:31 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-10 11:09:20 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-04-10 11:04:37 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_230.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
    "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
    "c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
    "WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
    "Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
    "{D1-18-80-0E-DW}"="C:\windows\system32\kpwnw64r.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 09:41 249896]
    "g]eeV\mWhjlnspB"="C:\WINDOWS\system32\rcntqldn.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
    Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
    "msacm.l3codecp"=
    "VIDC.ACDV"= ACDV.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
    "LaunchApp"=Alaunch
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    "Device Detector"=DevDetect.exe -autorun
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
    "SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
    "C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Spamihilator\\dccproc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-10 11:04:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 13:29:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\rcntqldn.exe DWoli5FF"
    .
    Temps d'accomplissement: 2008-04-10 13:30:52
    ComboFix-quarantined-files.txt 2008-04-10 11:30:39
    ComboFix2.txt 2008-04-09 05:15:44
    Pre-Run: 6,906,867,712 octets libres
    Post-Run: 6,895,140,864 octets libres
    .
    2008-04-10 01:03:14 --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 06:55:40, on 11.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cobian Backup 8\cbService.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\DelFax\WFXMOD32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\DelFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DeTeWe\OpenCTI.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\DelFax\WFXCTL32.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
    O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    Et voila que te dire de plus

    Salutations
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ces fichiers sur virus total et si infécté tu le rajoute dans la partie file
    https://www.virustotal.com/gui/

    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\kownw64r.exe

    _________________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\WINDOWS\system32\kpwnw64r.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\rcntqldn.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\zxdnt3d.cfg

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­­ntifiers\NBHShellExt]
    @={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
    "{D1-18-80-0E-DW}"=-
    "g]eeV\mWhjlnspB"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  8. Doudou62
     
    Salut à toi JlpJlp,
    Effectivement le fichier kownw64r.exe était infecter donc j'ai suivis tes recommandations ci-dessous les 2 rapports demandés.

    ComboFix 08-04-08.7 - Didier 2008-04-11 11:36:24.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.452 [GMT 2:00]
    Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
    Command switches used :: C:\Documents and Settings\Didier\Bureau\CFscript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
    C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\WINDOWS\system32\kownw64r.exe
    C:\WINDOWS\system32\kpwnw64r.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\rcntqldn.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\zxdnt3d.cfg
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\kownw64r.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-10 12:50 . 2008-04-10 12:50 100,469,258 --------- C:\SAUVEGARDE REGISTRE LE 10-4-2008.reg
    2008-04-10 07:40 . 2008-04-10 07:42 <REP> d-------- C:\Program Files\Panda Security
    2008-04-10 03:00 . 2008-04-10 03:03 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-04-09 13:26 . 2008-04-09 13:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-09 13:25 . 2008-04-09 13:34 <REP> d-------- C:\Documents and Settings\Didier\.housecall6.6
    2008-04-09 12:09 . 2008-04-09 12:09 361,429 --------- C:\Img005.jpg
    2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Program Files\Avira
    2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-09 07:34 . 2008-04-10 13:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-09 07:34 . 2008-04-09 07:34 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
    2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
    2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-04-08 10:53 . 2008-04-08 08:57 141,525 --------- C:\Capture01.jpg
    2008-04-08 07:34 . 2005-02-16 11:06 218,112 --------- C:\HijackThis.exe
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
    2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
    2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-01 07:54 . 2008-04-01 07:54 712,841 --------- C:\Test aptitude.JPG
    2008-03-29 03:09 . 2008-04-10 06:49 933 --a------ C:\WINDOWS\system32\winpfz33.sys
    2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
    2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
    2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
    2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
    2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
    2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
    2008-03-18 11:56 . 2008-03-18 12:52 5,105 --------- C:\Abieniste mail .htm
    2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
    2008-03-18 10:13 . 2008-03-18 10:34 970,016 --------- C:\Maison Sécurité Froid.dwg
    2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-11 05:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
    2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
    2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
    2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
    2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
    2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
    2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
    2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
    2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
    2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
    2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
    2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
    2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
    2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
    2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
    2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
    2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
    2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
    2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
    2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
    2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
    2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
    2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
    2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
    2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
    2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-10_13.30.02.15 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-08 06:34:42 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-04-11 05:38:31 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-04-08 06:34:42 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-04-11 05:38:31 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-04-08 06:34:42 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-04-11 05:38:31 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-04-08 06:34:42 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-04-11 05:38:31 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-04-08 06:34:42 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-04-11 05:38:31 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-04-08 06:34:42 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-04-11 05:38:32 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-04-08 06:34:42 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-04-11 05:38:32 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-04-08 06:34:42 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-04-11 05:38:32 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-04-08 06:34:42 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-04-11 05:38:31 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-04-08 06:34:42 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-04-11 05:38:31 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-04-08 06:34:42 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-04-11 05:38:32 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-04-08 06:34:42 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-04-11 05:38:31 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-04-08 06:34:42 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-04-11 05:38:30 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2008-04-10 11:09:20 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-11 07:36:05 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-10 11:09:20 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-11 07:36:05 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-04-10 11:09:20 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-11 07:36:05 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-04-10 11:09:20 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-11 07:36:05 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-10 11:33:34 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_cc.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
    "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
    "c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
    "WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
    "Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
    "{D1-18-80-0E-DW}"="C:\windows\system32\kpwnw64r.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 09:41 249896]
    "g]eeV\mWhjlnspB"="C:\WINDOWS\system32\rcntqldn.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
    Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
    "msacm.l3codecp"=
    "VIDC.ACDV"= ACDV.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
    "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
    "Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
    "LaunchApp"=Alaunch
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    "Device Detector"=DevDetect.exe -autorun
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
    "SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
    "C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Spamihilator\\dccproc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-11 09:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 11:41:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\rcntqldn.exe DWoli5FF"
    .
    Temps d'accomplissement: 2008-04-11 11:42:56
    ComboFix-quarantined-files.txt 2008-04-11 09:42:43
    ComboFix2.txt 2008-04-10 11:30:53
    ComboFix3.txt 2008-04-09 05:15:44
    Pre-Run: 6,598,123,520 octets libres
    Post-Run: 6,585,888,768 octets libres
    .
    2008-04-10 01:03:14 --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 13:48:27, on 11.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cobian Backup 8\cbService.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\DelFax\WFXMOD32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\DelFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\DeTeWe\OpenCTI.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
    C:\Program Files\DelFax\WFXCTL32.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
    O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    Et voila , apparement tu cerne le problème, je te l'avoue je suis impresionné, un grand merci et salutations.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  10. Doudou62
     
    Salut à toi JlpJlp,
    J'ai suivi tes instructions et voila ci-dessous le rapport de SDfix.

    [b]SDFix: Version 1.171 [/b]
    Run by Didier on 14.04.2008 at 07:20

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Didier\Bureau\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 07:30:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:000000af
    "TracesSuccessful"=dword:00000004

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"="C:\\Program Files\\Acer TV-FM\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\Acer TV-FM\\PCMService.exe"="C:\\Program Files\\Acer TV-FM\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"="\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe:*:Enabled:Astuces.exe"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"="C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 6.0"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Spamihilator\\dccproc.exe"="C:\\Program Files\\Spamihilator\\dccproc.exe:*:Enabled:dccproc"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\Didier\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Fri 26 Apr 2002 8,704 A..H. --- "C:\Program Files\CDRWIN5\burnRPAI.exe"
    Mon 5 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
    Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
    Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
    Thu 4 Dec 1997 5,969,408 ...H. --- "C:\Corel\Graphics8\Programs\CNSFlt80.dll"
    Wed 3 Dec 1997 431,104 ...H. --- "C:\Corel\Graphics8\Programs\convintl.dll"
    Wed 5 Nov 1997 77,312 ...H. --- "C:\Corel\Graphics8\Programs\Mos1680.dll"
    Thu 6 Nov 1997 4,608 ...H. --- "C:\Corel\Graphics8\Programs\Mos3280.dll"
    Mon 14 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
    Thu 24 Nov 2005 17,920 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
    Thu 24 Nov 2005 12,880 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
    Thu 22 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    [b]Finished![/b]

    Voila je te laisse en tirer les conclusions, encore merci de ton aide
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    ____________________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    C:\WINDOWS\system32\rcntqldn.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _____________________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    ____________________________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com
    ___________________________

    recolle un hijackhtis et dis tes soucis actuels
    0
  12. Doudou62
     
    Salut à toi JlpJlp,
    J'ai éffectué les opérations demandées
    Selon toute vraissemblance tout me semble OK, je te poste les 3 rapports, tu me dira ce que tu en pense.

    File/Folder C:\WINDOWS\system32\rcntqldn.exe not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04142008_101405

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 623

    Type de recherche: Examen complet (C:\|D:\|H:\|I:\|J:\|K:\|O:\|P:\|Q:\|R:\|T:\|)
    Eléments examinés: 265203
    Temps écoulé: 1 hour(s), 15 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:17:07, on 14.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cobian Backup 8\cbService.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\DelFax\WFXMOD32.EXE
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\DelFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DeTeWe\OpenCTI.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\DelFax\WFXCTL32.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    Un grand merci
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    encore des problèmes?????,
    0
  14. Doudou62
     
    Salut à toi JlpJlp,
    Un grand merci pour ton aide, je suis content que l'on soie arriver au bout de ces virus. Une dernière petit questions que me conseille tu comme anti-virus pour éviter ce genre de problème, j'avais Avast, maintenant j'ai installé anti-Vir selon les test comparatif il serait mieux, quand pense tu??

    Un grand merci encore
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon!

    mets a jour java et adobe reader

    pour java: DEMARRER puis PANNEAU DE CONFIGRATION puis JAVA
    pour adobe : https://www.commentcamarche.net/telecharger/bureautique/2625-adobe-reader/

    pour protéger gratos ton ordi

    securite

    mettre un antivirus

    ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions:

    MalwareByte's Anti-Malware+ SPYBOT

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  16. Doudou62
     
    Salut à toi JlpJlp,

    J'ai suivis tes instructions et cela fonctionne comme il faut, un grand merci pour ton aide et tes conseils

    Bonne continuation
    0