Raphaelfargeon ==> Infections on VISTA

afideg - Posts: 10517 - Status: Security contributor
FillPCA - Posts: 2242 - Status: Security contributor
Hello Afideg,

Hello, I have EXACTLY the same problem as eff here: http://www.commentcamarche.net/forum/affich 5924129 vundo wml exe abebot pccleaner helpppp?page=4#86

I'm posting my log here:

ComboFix 08-04-17.1 - Raphael 2008-04-18 11:10:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1534 [GMT 2:00]
Running from: C:\Users\Raphael\Desktop\TRISTAN.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sl.tf1.fr
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 11:04 . 2008-04-18 11:05 524,288 --ahs---- C:\ntuser.dat{4e364916-0d17-11dd-8ecc-001f3adfd0a2}.TMContainer00000000000000000002.regtrans-ms
2008-04-18 11:04 . 2008-04-18 11:05 524,288 --ahs---- C:\ntuser.dat{4e364916-0d17-11dd-8ecc-001f3adfd0a2}.TMContainer00000000000000000001.regtrans-ms
2008-04-18 11:04 . 2008-04-18 11:05 65,536 --ahs---- C:\ntuser.dat{4e364916-0d17-11dd-8ecc-001f3adfd0a2}.TM.blf
2008-04-18 10:51 . 2008-04-18 11:04 262,144 --a------ C:\ntuser.dat
2008-04-18 10:51 . 2008-04-18 11:04 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-18 10:51 . 2008-04-18 11:04 0 --ah----- C:\ntuser.dat.LOG2
2008-04-18 10:44 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DL1
2008-04-18 10:44 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DL1
2008-04-18 10:44 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DL1
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\Users\All Users\Symantec
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\ProgramData\Symantec
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\Program Files\Symantec
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-18 10:24 . 2008-04-18 10:16 512,096 --a------ C:\Windows\System32\drivers\amon.sys
2008-04-18 10:23 . 2008-04-18 10:13 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
2008-04-18 10:11 . 2008-04-18 10:24 <DIR> d-------- C:\Program Files\ESET
2008-04-18 10:04 . 2008-04-18 10:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-18 10:04 . 2008-04-18 10:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-18 10:04 . 2008-04-18 10:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-18 10:00 . 2008-04-18 10:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 09:37 . 2008-04-18 09:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-18 09:37 . 2008-04-18 09:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-18 09:37 . 2008-04-18 09:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-18 08:42 . 2008-04-18 08:42 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-18 08:42 . 2008-04-18 08:42 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-18 06:22 . 2008-04-18 06:44 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-18 06:22 . 2008-04-18 06:44 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-18 06:21 . 2008-04-18 09:46 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-18 06:21 . 2008-04-18 09:46 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-18 06:21 . 2008-04-18 06:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-18 06:21 . 2008-04-18 11:12 21,538,080 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-18 06:21 . 2008-04-18 07:50 146,216 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-18 06:19 . 2008-04-18 06:19 <DIR> d-------- C:\kav
2008-04-18 06:04 . 2008-04-18 06:05 <DIR> d-------- C:\ComboFix
2008-04-18 05:02 . 2008-04-18 05:02 <DIR> d-------- C:\VundoFix Backups
2008-04-18 04:54 . 2008-04-18 04:54 1,152 --a------ C:\Windows\System32\windrv.sys
2008-04-18 03:44 . 2008-04-18 03:44 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-04-18 03:44 . 2008-04-18 03:44 86,016 --a------ C:\Windows\System32\OpenAL32.dll
2008-04-18 03:42 . 2008-04-18 03:42 <DIR> d-------- C:\Windows\System32\Futuremark
2008-04-18 03:42 . 2007-09-07 14:55 27,672 --a------ C:\Windows\System32\drivers\Entech.sys
2008-04-18 03:42 . 2007-09-07 14:55 12,744 --a------ C:\Windows\System32\drivers\Entech64.sys
2008-04-18 03:42 . 2007-09-07 14:55 6,173 --a------ C:\Windows\System32\drivers\Entech.vxd
2008-04-18 03:42 . 2001-11-19 20:05 3,972 --a------ C:\Windows\System32\drivers\PciBus.sys
2008-04-18 03:41 . 2008-04-18 03:41 <DIR> d-------- C:\Program Files\Futuremark
2008-04-18 02:22 . 2008-04-18 02:22 <DIR> d-------- C:\Users\All Users\twfozwlv
2008-04-18 02:22 . 2008-04-18 02:22 <DIR> d-------- C:\Users\All Users\qfkjovip
2008-04-18 02:22 . 2008-04-18 02:22 <DIR> d-------- C:\ProgramData\twfozwlv
2008-04-18 02:22 . 2008-04-18 02:22 <DIR> d-------- C:\ProgramData\qfkjovip
2008-04-18 02:11 . 2008-04-18 02:11 14 --a------ C:\Windows\System32\SysEngine.SYS
2008-04-17 20:16 . 2008-04-17 20:16 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 16:27 . 2008-04-17 16:27 <DIR> d-------- C:\Program Files\Zattoo
2008-04-17 15:38 . 2008-04-17 15:38 <DIR> d-------- C:\Users\All Users\Microsoft Corporation
2008-04-17 15:38 . 2008-04-17 15:38 <DIR> d-------- C:\ProgramData\Microsoft Corporation
2008-04-17 15:38 . 2008-04-17 15:38 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-04-16 11:55 . 2008-04-16 11:55 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-16 10:28 . 2008-04-16 10:28 <DIR> d-------- C:\Users\All Users\POP3Profiles
2008-04-16 10:28 . 2008-04-16 10:28 <DIR> d-------- C:\ProgramData\POP3Profiles
2008-04-16 09:55 . 2008-04-16 10:13 <DIR> d-------- C:\Users\All Users\POPWWPROFILES
2008-04-16 09:55 . 2008-04-16 10:13 <DIR> d-------- C:\ProgramData\POPWWPROFILES
2008-04-16 08:13 . 2008-04-16 08:25 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-04-16 07:37 . 2008-04-16 07:37 <DIR> d-------- C:\Program Files\StreamboxVcrSuite2
2008-04-16 05:29 . 2008-04-16 07:27 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-15 07:05 . 2008-04-15 07:05 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-04-15 07:04 . 2008-04-15 07:04 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-04-15 06:24 . 2008-04-15 06:24 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2008-04-15 06:11 . 2008-04-16 10:24 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-15 06:02 . 2008-04-15 06:04 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-04-15 05:15 . 2008-04-15 05:15 <DIR> d-------- C:\Program Files\Eidos
2008-04-15 04:47 . 2008-04-15 04:47 <DIR> d-------- C:\Users\Public\CyberLink
2008-04-15 04:42 . 2008-04-15 04:42 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-15 04:31 . 2001-05-04 12:05 505,104 --a------ C:\Windows\System32\msxml.dll
2008-04-15 04:31 . 2000-05-22 01:00 140,488 --a------ C:\Windows\System32\comdlg32.ocx
2008-04-15 04:31 . 1998-06-18 01:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-04-15 04:31 . 2000-03-17 09:21 69,632 --a------ C:\Windows\System32\xmltok.dll
2008-04-15 04:31 . 2000-03-17 09:21 36,864 --a------ C:\Windows\System32\xmlparse.dll
2008-04-15 04:31 . 2002-04-24 13:43 35,840 --a------ C:\Windows\System32\comdlg32.oca
2008-04-15 04:31 . 2002-04-09 18:23 29,184 --a------ C:\Windows\System32\MSINET.oca
2008-04-15 04:31 . 2001-05-04 12:05 28,432 --a------ C:\Windows\System32\msxmlr.dll
2008-04-15 04:31 . 2002-10-17 11:35 26,096 --a------ C:\Windows\System32\xmlinst.exe
2008-04-15 02:29 . 2008-04-15 02:29 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-04-15 02:24 . 2008-04-15 02:24 <DIR> d-------- C:\Windows\System32\Age of Empires III - War Chiefs dir
2008-04-15 02:24 . 2008-04-15 02:24 532,480 --a------ C:\Windows\System32\Age of Empires III - War Chiefs.scr
2008-04-12 00:43 . 2008-04-12 00:43 <DIR> d-------- C:\VFS
2008-04-11 06:10 . 2008-04-11 06:10 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\acccore
2008-04-11 06:09 . 2008-04-11 06:09 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-04-11 06:09 . 2008-04-11 06:11 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-04-11 06:09 . 2008-04-11 06:09 <DIR> d-------- C:\Users\All Users\AOL
2008-04-11 06:09 . 2008-04-11 06:09 <DIR> d-------- C:\ProgramData\Viewpoint
2008-04-11 06:09 . 2008-04-11 06:11 <DIR> d-------- C:\ProgramData\AOL OCP
2008-04-11 06:09 . 2008-04-11 06:09 <DIR> d-------- C:\ProgramData\AOL
2008-04-11 06:09 . 2008-04-11 06:09 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-11 06:09 . 2008-04-12 00:50 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-11 06:09 . 2008-04-11 06:10 367 --ah----- C:\IPH.PH
2008-04-09 21:50 . 2008-04-09 21:50 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\tmp
2008-04-09 21:50 . 2008-04-09 21:50 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\Reallusion
2008-04-09 21:40 . 2008-04-09 21:50 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\AVSMedia
2008-04-09 21:40 . 2008-04-09 21:40 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-04-09 21:40 . 2008-04-09 21:40 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-04-09 21:40 . 2008-04-09 21:51 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-08 21:47 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 20:11 . 2008-04-08 20:11 0 --a------ C:\Users\Raphael\AppData\Roaming\wklnhst.dat
2008-04-08 06:21 . 2008-04-08 06:21 <DIR> d-------- C:\Windows\System32\Dell
2008-04-08 02:45 . 2008-04-08 02:45 <DIR> dr-h----- C:\Users\Raphael\AppData\Roaming\SecuROM
2008-04-08 02:16 . 2008-04-08 02:29 1,208 --a------ C:\Windows\Radio_Fr.ini
2008-04-08 02:15 . 2008-04-08 02:23 <DIR> d-------- C:\Program Files\Radio Fr Solo
2008-04-07 21:15 . 2008-04-07 21:15 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-04-07 07:07 . 2008-04-07 07:07 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-06 21:38 . 2008-04-06 21:51 <DIR> d-------- C:\Program Files\MSECache
2008-04-06 21:32 . 2008-04-15 06:21 <DIR> d-------- C:\Program Files\RADVideo
2008-04-05 00:07 . 2008-04-18 08:12 28,029 --a------ C:\Users\All Users\nvModes.dat
2008-04-05 00:07 . 2008-04-18 08:12 28,029 --a------ C:\ProgramData\nvModes.dat
2008-04-04 23:06 . 2008-04-04 23:06 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\PeerNetworking
2008-04-04 04:54 . 2008-04-04 04:54 <DIR> d-------- C:\Program Files\Picasa2
2008-04-04 04:24 . 2008-04-04 04:24 0 --ah----- C:\Users\Raphael.LOG2
2008-04-04 04:24 . 2008-04-04 04:24 0 --ah----- C:\Users\Raphael.LOG1
2008-04-04 04:23 . 2008-04-10 06:05 <DIR> d-------- C:\Users\Raphael\SecurityScans
2008-04-04 04:17 . 2008-04-04 04:17 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-04-03 20:59 . 2008-04-18 08:20 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\Browzar
2008-04-03 20:38 . 2008-04-03 20:38 <DIR> d-------- C:\Program Files\Skype Recorder
2008-04-03 06:52 . 2008-04-03 06:52 <DIR> d-------- C:\Program Files\iTunes
2008-04-03 06:52 . 2008-04-03 06:52 <DIR> d-------- C:\Program Files\iPod
2008-04-03 06:51 . 2008-04-03 06:51 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 01:25 . 2008-04-03 01:25 203,776 --a------ C:\Windows\System32\clrviddc.dll
2008-04-03 01:25 . 1999-09-10 13:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll
2008-04-03 01:25 . 1999-09-10 13:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 20:30 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 00:41 --------- d-----w C:\Program Files\Microsoft Games
2008-04-01 04:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Journal
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Calendar
2008-04-01 04:09 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-01 04:09 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Templates
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Favorites
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Documents
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Desktop
2008-03-31 21:50 --------- d-sh--w C:\ProgramData\Application Data
2008-03-25 12:32 25,784 ------w C:\Windows\system32\drivers\msahci.sys
2008-03-25 12:32 20,152 ------w C:\Windows\system32\drivers\viaide.sys
2008-03-25 12:32 19,128 ------w C:\Windows\system32\drivers\cmdide.sys
2008-03-25 12:32 18,104 ------w C:\Windows\system32\drivers\amdide.sys
2008-03-25 12:32 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-25 12:32 17,592 ------w C:\Windows\system32\drivers\aliide.sys
2008-03-25 12:26 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-03-25 12:21 58,472 ------w C:\Windows\system32\drivers\ULIAGPKX.SYS
2008-03-25 12:21 54,888 ------w C:\Windows\system32\drivers\AMDAGP.SYS
2008-03-25 12:21 54,376 ------w C:\Windows\system32\drivers\VIAAGP.SYS
2008-03-25 12:21 53,864 ------w C:\Windows\system32\drivers\AGP440.sys
2008-03-25 12:21 53,352 ------w C:\Windows\system32\drivers\SISAGP.SYS
2008-03-25 12:21 47,208 ------w C:\Windows\system32\drivers\isapnp.sys
2008-03-25 12:21 242,688 ------w C:\Windows\system32\drivers\rdpdr.sys
2008-03-25 12:21 106,600 ------w C:\Windows\system32\drivers\NV_AGP.SYS
2008-03-05 21:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-04 17:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-04 03:53 78,336 ----a-w C:\Windows\System32\ieencode.dll
2008-03-04 03:52 830,464 ----a-w C:\Windows\System32\wininet.dll
2008-03-04 03:52 47,616 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-04 03:52 41,984 ----a-w C:\Windows\System32\licmgr10.dll
2008-03-04 03:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-04 03:52 20,480 ----a-w C:\Windows\System32\PDMSetup.exe
2008-03-04 03:52 17,920 ----a-w C:\Windows\System32\corpol.dll
2008-03-04 03:52 142,848 ----a-w C:\Windows\System32\IESetting.dll
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-03-04 03:52 13,824 ----a-w C:\Windows\System32\SetDepNx.exe
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\iesetup.dll
2008-03-04 03:51 69,120 ----a-w C:\Windows\System32\admparse.dll
2008-03-04 03:51 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-03-04 03:51 168,448 ----a-w C:\Windows\System32\iexpress.exe
2008-03-04 03:50 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-03-04 03:50 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-03-04 03:50 36,352 ----a-w C:\Windows\System32\imgutil.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 12:46 360,448 ----a-w C:\Windows\System32\nvuninst.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-06 04:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-02-01 16:11 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-29 17:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-14 02:21 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 05:45 68856]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 23:30 308464]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\SideBar.exe" [2008-01-19 09:33 1233920]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"DVDXGhost"="" []
"twfozwlv"="C:\ProgramData\twfozwlv\urclmpcd.exe" [2008-04-18 02:22 114688]
"QjynTOxaFV"="C:\ProgramData\qfkjovip\qlyrchkx.exe" [2008-04-18 02:22 38912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 13:40 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 11:27 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 07:58 36864]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 23:43 118784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 02:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 17:58 184320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 01:14 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 05:16 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 06:37 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 11:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-29 06:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 17:36 267048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-02-22 12:46 166432]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-22 12:46 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-22 12:46 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-02-22 12:46 92704]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 01:05 734264]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-03-21 10:21 91432]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-04 00:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-25 06:55:31 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 05:45:03 124400]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-21 01:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{76DA977C-861D-43E5-8882-EB454F7E21AB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{59C2E67E-F723-4135-BD49-EFB612485ABE}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C66515D9-C831-4696-BAD2-F280652CB65F}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{AC41AEAB-EF94-4F1C-B038-393C4E55C6F9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{984E39B4-DA6B-4F95-A84B-6979AE644E58}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{1843B27A-0166-48B5-9AF9-5E65FCF6A3CE}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{25535982-CD5F-413D-93B7-58B4D05169E2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{2FB1E516-3CB8-4AA5-B15F-B2F660DE9E61}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14382281-59B9-4D0B-89DA-B1FF59FF594F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9853543C-F7F6-4E50-97B0-D413FB8A1351}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{475B4256-5712-43BF-9BE3-4A8375B1E0E9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CF5077C-56C5-475A-A52D-A294FC650401}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{75F26E18-094A-42A8-AB3A-2A74D81B6064}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{F59DC85A-0DEB-4EA3-9F74-FD29C9BB0CE9}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91EC0818-A85E-4A33-BBBC-D93DB0E83619}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{6387A782-7C42-4727-8EC9-89E9C82B6B8D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CF1649D9-A3F2-4A1F-ACFE-56A70CE39DF2}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F20A2D2A-8B28-45AE-ADD7-94C814828BAA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A3A01CBB-60C2-4E1A-B566-9D471E350BED}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CC36F84A-341E-4369-910E-07A9A7537F7C}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{8192F573-055C-46AF-AE44-EFAA3AB6B7E6}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{82286092-0AAC-4DD5-B1FB-870B6775CA00}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{C1B1BBD7-D761-4D65-8307-74305A08D368}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9ECB292A-DB07-4E0C-8A8A-5F039770B3BA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A2C65B4-B6FC-484F-88EC-7F13FF8C48D8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D222B459-F307-4F78-8464-09A0CC2ACF03}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{440C4195-BD98-4BD5-B8EC-0C06F2805697}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{4700E488-2976-406B-84D7-6FEE376F2030}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"UDP Query User{6E403CD7-2AB5-4ED6-BE9B-D14CE1606A24}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"TCP Query User{E212E7BD-8887-4277-8153-5CE904BDAA58}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{2F20E469-1501-4CA8-BEB6-AFF72B2AB9F7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{0189394F-236E-4A8C-BC73-C1B4E613A5B8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{38B4FDC4-F0CB-4A92-871B-DD563B436135}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{AAD2CB15-97B6-4891-8F24-57478A53D420}C:\\program files\\eidos\\hitman blood money\\hitmanbloodmoney.exe"= UDP:C:\program files\eidos\hitman blood money\hitmanbloodmoney.exe:HitmanBloodMoney
"UDP Query User{773EB266-0084-4B11-B899-8E23218F4A52}C:\\program files\\eidos\\hitman blood money\\hitmanbloodmoney.exe"= TCP:C:\program files\eidos\hitman blood money\hitmanbloodmoney.exe:HitmanBloodMoney
"TCP Query User{7B1A3F53-17E8-4AE6-8B3B-A9F217D15783}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8AB26922-0E81-4966-9616-BB8007E1C1F7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{B941B8D4-9E90-44D9-B58E-CCAFD1C5E87D}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"TCP Query User{8FB15B9D-7B7B-4F7D-83EC-14D0D627A996}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{1B89515B-C90C-4D6D-9D68-0C1AEC7F8C66}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{775B7129-F9CC-4315-9F13-28EF3F4D74D5}C:\\program files\\microsoft games\\age of empires iii\\age3y.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3y.exe:Age of Empires III Expansion 2
"UDP Query User{552F566D-4018-4808-BBAE-E60BBF918DD6}C:\\program files\\microsoft games\\age of empires iii\\age3y.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3y.exe:Age of Empires III Expansion 2
"{58EE0E58-A85E-4F2F-8D4C-69A9103E930A}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{F85F709F-60B5-4453-844E-B3AD6B046F87}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{A9A7C5AF-2A6C-435C-BA71-68DD1E56D74F}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{DD4D54A6-C346-46F6-9514-C9C8759714EB}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"TCP Query User{E0AAE5CA-DB92-40D7-85BE-C8C6387659AC}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{841419BD-C227-4457-AF3B-AEC70DD3C702}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{01E7C78E-9C8A-4807-9A1C-DC9C368FC790}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{DB88E94B-E8D5-40F5-B657-1B47D5259DE2}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{FAB9510A-8B42-46F4-9973-30C5BD711CB6}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{DFE850CF-2627-4D8E-9F9A-821E7887109E}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};C:\Program Files\Dell\MediaDirect\000.fcl [2007-09-07 07:29]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 06:37]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-14 02:21]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 07:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 07:59]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb94028-fa24-11dc-bcfd-806e6f6e6963}]
\shell\AutoRun\command - E:\FarCryAutoCD.exe

*Newly Created Service* - AVGASCLN
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 03:28:36 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-18 06:12:48 C:\Windows\Tasks\User_Feed_Synchronization-{6CCFE6C3-7092-487F-B340-98ED72BCB6F8}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 11:12:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 11:13:34
ComboFix-quarantined-files.txt 2008-04-18 09:13:12

Pre-Run: 208,799,424,512 bytes free
Post-Run: 209,459,249,152 bytes free
.
2008-04-16 04:51:12 --- E O F ---



============================================
=================================================

OK,
Hello Raphaelfargeon,

A)- Download and install Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the option "Update Malwarebytes Anti-Malware" is checked. >>> click "Finish"

Launch Malwarebytes' Anti-Malware by double-clicking the icon on the desktop.
On first launch, a window tells you that the version is free >>> click OK
Let the updates download
*** Close the program ***

Restart in "Safe Mode"
See here for how to start Safe Mode without stress:
< http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
You have to let the PC go at its own pace until the desktop has loaded; after that, you can use your mouse again.
Once you have the blinking cursor, Safe Mode can take up to 15 minutes to open. So you have to be patient.
Choose your usual session (not the "Administrator" account or another one).

Launch Malwarebytes' Anti-Malware
"Scanner" tab >>> check "Perform full scan" >>> "Scan"
Select your hard drive >>> click "Start scan"

At the end of the scan >>> click "Show results" >>> "Save the report"
Removing the detected items >>>> click "Remove selected"
If you are asked to restart >>> click "Yes"
A scan report opens; post the report.



B)- Download Lop S&D.exe to your desktop, then double-click it to install the program
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
A shortcut will be created on your desktop; simply double-click it to launch the tool.
Choose your language
Then choose option 1 (Search) > [Enter]
Let the scan finish without closing the window; this can take several minutes
Notepad will open with the report; post it on the forum



C)- Run a HijackThis scan, as follows:

1)- Download the final version of HijackThis (Trend Secure) ==> HijackThis™ 2.0.2 < [ http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download ] > with an installer.
- On the page, choose "Download HijackThis Installer" http://img265.imageshack.us/img265/4575/screenshot127sd3.png
and save it to the desktop.
You should see a new "HJTInstall.exe" icon on the desktop.


2)- Installation:
- Right-click the "HJTInstall.exe" icon on your desktop and choose "Run as administrator" from the context menu.
- Then click "Run", then "Install".
- Accept the license by clicking the "I Accept" button
- The program installs itself into a dedicated folder.
- By default, it installs to C:\Program Files\Trend Micro\HijackThis
- And a shortcut to launch the scan appears on the desktop.

Note: Since this version is meant to stay on the PC, right-click HJTInstall.exe > Properties > "Compatibility" tab > check the "Run as administrator" box at the bottom.
- This makes permanent the choice that can otherwise be obtained temporarily via "right-click the shortcut icon / Run as administrator" in the context menu.

3)- Scan:
•- Important, to do first if you have Spybot S&D > Disable Spybot's Tea Timer through Spybot's options: once in the program, go to the "Mode" menu => check "Advanced mode" => "Tools" (bottom of the page) => "Resident" => and uncheck this box: "Resident Tea Timer".
- You should no longer see the Tea Timer icon in the taskbar (systray near the clock)!

•- Stop all running programs and close all windows.
•- Then double-click the HJT shortcut created on the desktop and click "Do a system scan and save a logfile" to start the scan.
- At the end of the scan, Notepad will open on the desktop
- Copy and paste all of its contents.
- And post it on the forum.
- It will be saved in the folder C:\Program Files\Trend Micro\HijackThis, as hijackthis.log.



Thanks
Good luck
Al
13 replies

afideg Posts 10517 Registration date   Status Security contributor Last activity   602
 
Hello?
So?
When will it be?
Are you having problems?

I see this: 2008-04-18 05:02 . 2008-04-18 05:02 <DIR> d-------- C:\VundoFix Backups
Had you run a VundoFix scan before the ComboFix scan??
Thanks

Al.
0
raphaelfargeon
 
Hello Afideg, and thank you so much for replying to my message. (Sorry for answering so late.)

Actually I couldn't take it anymore, so I did a system restore and now it seems to be OK, even though I find the internet connection is still slow.

The problem is, as you know, that a system restore does not remove the virus.

Do you advise me to go back to the period before the restore to try to remove the virus for good, or can I remove it even in this current period by following your instructions?

Thanks in advance!

P.S.: I am on Vista Home Premium
0
afideg Posts 10517 Registration date   Status Security contributor Last activity   602
 
Good evening

Try to do what I asked earlier.
On VISTA, during disinfection, it is advisable to disable UAC ("User Account Control") (you will re-enable it after your disinfection):
Explanations here: < https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html >
or there: < https://www.generation-nt.com/desactiver-supprimer-uac-user-account-control-windows-vista-astuce-24678-1.html >
That is: ==> (Go to "Start" then "Control Panel".
- Double-click the "User Accounts" icon
- Then click disable and confirm).
(always restart the PC for it to take effect)

For the Lop S&D.exe application, I think you can (instead of double-clicking the exe) right-click and then choose [Run as administrator]
If that doesn't work, skip this application.
This evening, I will be finishing soon.

Al.

0
raphaelfargeon
 
OK, I'll go back to the infected period.

To answer your previous question, yes I ran a VundoFix scan. Shouldn't I have?
0

FillPCA Posts 2242 Registration date   Status Security contributor Last activity   123
 
Hi,

It's not very courteous to beg for immediate help and then give no more news, not even a thank-you: http://www.commentcamarche.net/forum/affich 5992578 virus enorme impossible a se debarasser

Case closed as far as I'm concerned.

FillPCA
0
afideg Posts 10517 Registration date   Status Security contributor Last activity   602
 
Good evening Fill

It's true that raphaelfargeon was free to continue where you had stepped in, in his second topic.
The whole difficulty comes from the chaotic scattering of the information.

You had of course suggested VundoFix
==> here is what raphaelfargeon answers to my question in #1:
« I see this: 2008-04-18 05:02 . 2008-04-18 05:02 <DIR> d-------- C:\VundoFix Backups
Had you run a VundoFix scan before the ComboFix scan??
» .
==> His reply #4: « To answer your previous question, yes I ran a VundoFix scan. Shouldn't I have? ».

raphaelfargeon, do you see what you cause by tripling your discussion thread?

FillPCA is an experienced and knowledgeable helper on the PCA forum; he doesn't deserve such a disappointment
==> all the more so since he is the one who taught us how to solve this difficult and particular case of an infection like the one on your PC.
O4 - HKCU\..\Run: [twfozwlv] C:\ProgramData\twfozwlv\urclmpcd.exe
O4 - HKCU\..\Run: [QjynTOxaFV] C:\ProgramData\qfkjovip\qlyrchkx.exe



And the more tired we are, the more irritable or touchy we are.
It's human.
Sorry.
Al.



0
raphaelfargeon
 
Here is my Malwarebytes log:


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 667

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 189066
Temps écoulé: 55 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 83

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\qfkjovip\qlyrchkx.exe.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\twfozwlv\urclmpcd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\fmnctqbo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Users\Raphael\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.



And here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:14 AM, on 4/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QjynTOxaFV] C:\ProgramData\qfkjovip\qlyrchkx.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-229326140-1402601667-4077369624-1000\..\Run: [DVDXGhost] (User '?')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://downloads.dell.com/systemprofiler/SysProExe.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207090247_9c5f8c16ded7aee896d52b500b556784&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype Recorder\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
0
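
Added example, not part of the thread and not code from any of the tools involved: in the post above, the Malwarebytes report lists `C:\ProgramData\qfkjovip\qlyrchkx.exe.bak` as deleted while the HijackThis log still shows an O4 entry pointing at `C:\ProgramData\qfkjovip\qlyrchkx.exe`. The sketch below cross-references the two logs to surface such leftover autorun entries; the function names are hypothetical and the sample input is constructed from lines in those two logs.

```python
import re

# Constructed sample input: O4 (autorun) lines as they appear in the HijackThis
# log above, and three file lines from the Malwarebytes report above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QjynTOxaFV] C:\ProgramData\qfkjovip\qlyrchkx.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-229326140-1402601667-4077369624-1000\..\Run: [DVDXGhost] (User '?')
"""

MBAM_LOG = r"""
C:\ProgramData\qfkjovip\qlyrchkx.exe.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\twfozwlv\urclmpcd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\fmnctqbo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "O4 - <registry location>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "<drive path> (<detection name>) -> <action>"; registry lines (HKEY_...) do not match
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
# Unquoted commands: the program path ends at the first executable extension
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|dll))(?=\s|$)", re.IGNORECASE)
# HijackThis appends "(User '...')" to entries read from other users' hives
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def target_of(cmd):
    """Return the program path of an autorun command line, or None if it is empty."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def normalize(path):
    """Case-fold a Windows path and drop a trailing .bak so backup copies compare equal."""
    path = path.lower()
    return path[:-4] if path.endswith(".bak") else path


def parse_autoruns(hjt_text):
    """Extract every O4 entry as a dict with hive, name and target."""
    entries = []
    for line in hjt_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append({"hive": match.group("hive"), "name": match.group("name"),
                            "target": target_of(match.group("cmd"))})
    return entries


def parse_removed_files(mbam_text):
    """Map normalized file path -> detection name for each file line in the report."""
    removed = {}
    for line in mbam_text.splitlines():
        match = MBAM_FILE_RE.match(line.strip())
        if match:
            removed[normalize(match.group("path"))] = match.group("det")
    return removed


def stale_autoruns(hjt_text, mbam_text):
    """Autorun entries whose target (or its .bak copy) the scanner reported as removed."""
    removed = parse_removed_files(mbam_text)
    findings = []
    for entry in parse_autoruns(hjt_text):
        if entry["target"] is None:
            continue
        detection = removed.get(normalize(entry["target"]))
        if detection:
            findings.append({**entry, "detection": detection})
    return findings


if __name__ == "__main__":
    for finding in stale_autoruns(HJT_LOG, MBAM_LOG):
        print("{hive} [{name}] -> {target} ({detection})".format(**finding))
```
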
afideg Posts 10517 Registration date   Status Security contributor Last activity   602
 
Re,
Nice work

Empty the Malwarebytes' Anti-Malware "quarantine"
Look, the tab is here http://pagesperso-orange.fr/louloutteetnous/imagespca/interfaceho6.jpg

Run a Malwarebytes' Anti-Malware scan again


Windows Defender is a false-positive factory.
It has to be removed like this: [Start] > [Run] and copy/paste this command into the input box:
msiexec /uninstall windowsdefender.msi /quiet /log uninstall
Simply confirm by pressing the following key combination: [Ctrl + Shift + Enter]
This command starts the silent uninstallation of "Windows Defender"; you will certainly be asked to confirm removal of the program. Accept.


Thanks
Good night
Al.
0
raphaelfargeon
 
Thank you very much Afideg!!!! You're a pro!!
0
afideg Posts 10517 Registration date   Status Security contributor Last activity   602
 
Hi Raphaël,

Quote: « On the other hand, for LopSD, I couldn't complete it because during the scan my Kaspersky antivirus detected a virus: Trojan.Win32.inject.mf »
That's normal, since your Kaspersky Internet Security 7.0 (as on my PC) sometimes treats programs as unknown (hence "possibly dangerous"); that is the case for an executable like Lop S&D.exe.
When Kis7 pops up its alert bubble, allow the Lop S&D.exe application to continue (careful, always check that the alert really relates to the tool you are currently running).


Say, you've made quite a few changes on your PC?
Is your Kis7 genuine?
==> one license key for two PCs? ;)
Your HijackThis is unrecognizable!


Have a good day
Al.
0
raphaelfargeon Posts 44 Registration date   Status Member Last activity
 
Hello!

Alert! Even though I followed the procedure, I still notice a few problems (almost a month later):

- When I play music in Media Player and select a playback position, it takes 1 to 3 seconds to load that spot (whereas on other PCs I have tried it is almost instantaneous)

- When I type text anywhere, it sometimes lags a bit before everything is written

Could I still be infected by this m**** Virtumonde virus?

So I'm sending my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:01 PM, on 5/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\Google Earth\googleearth.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe /autoRun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://downloads.dell.com/systemprofiler/SysProExe.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol.com/mce/new/ServiceMgr.CAB
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://raphaelfargeon.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O17 - HKLM\System\CS6\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O17 - HKLM\System\CS7\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O17 - HKLM\System\CS8\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O17 - HKLM\System\CS9\Services\Tcpip\..\{25C4F19F-A61B-4F01-9FBE-022597FB9906}: NameServer = 198.4.75.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
raphaelfargeon
 
Please!
FillPCA (posts: 2242, status: Security contributor)
 