Infection virus VIN32

Bonjour,
J'ai supprimer les 4 registres dans la mise en quarantainej'ai relançé un nouveau scan je retrouve de nouveau ces registres infectés
Voici le nouveau rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:00, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rkx5b6zwk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\DOCUME~1\maurice2\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7A970955-A749-47F0-AD00-DD776594EDAC} - c:\windows\system32\qdlzvsw.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BE59BEFC-0358-4F9A-A1F4-4738B60C68EF} - C:\DOCUME~1\MAURIC~1.MAU\LOCALS~1\Temp\dm4.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [rkx5b6zwk] C:\WINDOWS\system32\rkx5b6zwk.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [rkx5b6zwk] C:\WINDOWS\system32\rkx5b6zwk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E1E61E-9AAA-453B-BE2F-E765F6F46DB0}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: epmtpglm - C:\WINDOWS\SYSTEM32\qdlzvsw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Bonjour
Non il n'est pas trop tard
Cependant quelques problèmes
- Le répertoire C: DOCUM~1 est introuvable (caché ? cependant dans windows l'option afficher les dossiers et fichiers cachés est cochée)
- Le fichier C:\windows\système32\drivers\Hns40.sys est introuvable(caché ?)
et je ne sais pas comment transmettre les rapports pour les autres fichiers sachant que la seule option qui est proposée par le logiciel est l'impression . J'ai essayé de scanner derrier mais cela me paraît inexploitable
Merci de votre réponse

j'ajouterai qu'il ne le trouvera pas car dans les fichier temp ... bien vu Shion ! ^^

il n'est pas du tout installé comme il le faudrai : si erreur il y a lors d'un fix de ligne , pas de possible de revenir en arrière ...

Donc en attendant que le lien pour Combofix soit dispo. , fais exactement ce qui suit :

Télécharges et installes le logiciel HijackThis :

ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .
Supprimes le raccourcis stp ...

Important :
Renommer le prg HijackThis :
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valides .
Puis cliques droit sur "monjack.exe" et choisis "envoyer vers" -> le bureau ( créer un raccourci ).

tuto pour utilisation
Regardes ici, c'est parfaitement expliqué en images (merci balltrap34) :
http://pageperso.aol.fr/balltrap34/demohijack.htm

2-!!Déconnectes toi et fermes toute tes applications en cours !!

Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan "monjack" (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile"

---> Postes le rapport généré pour analyse ...

Tout d'abord merci, la solution d'utiliser "mawarebytes" a bien fonctionné puisque je n'ai plus de fichiers infectés . Cependant les rapports d'analyse depuis signalent tous que 4 registres sont infectés ( même après relance du PC).
Est-ce important ? Que faut-il faire?
Voici une copie du rapport:
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 985
Windows 5.1.2600 Service Pack 2

08:35:07 27/07/2008
mbam-log-7-27-2008 (08-34-25).txt

Type de recherche: Examen rapide
Eléments examinés: 97877
Temps écoulé: 25 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Merci pour votre réponse

bonjour
voici le rapport comfix




ComboFix 08-07-27.5 - maurice2 2008-07-28 17:29:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.499 [GMT 2:00]
Endroit: C:\Documents and Settings\maurice2\Mes documents\Documents\vrac\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qdlzvsw.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Legacy_VRGLGBXO
-------\Service_vrglgbxo


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))
.

2008-07-28 10:53 . 2008-07-28 10:53 <REP> d-------- C:\Documents and Settings\jessie\Application Data\Malwarebytes
2008-07-26 14:21 . 2008-07-26 14:22 <REP> d-------- C:\Documents and Settings\jessie\Application Data\kwkkphjy
2008-07-26 11:40 . 2008-07-28 17:43 3,374,222 --a------ C:\WINDOWS\{00000002-00000000-00000008-00001102-00000002-80651102}.BAK
2008-07-26 11:39 . 2008-07-26 11:39 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 08:30 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 09:34 . 2008-07-25 09:34 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\AVGTOOLBAR
2008-07-25 09:33 . 2008-07-25 09:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 08:00 . 2008-07-25 08:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 08:00 . 2008-07-25 08:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 07:38 . 2008-07-24 07:38 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\kwkkphjy
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage r‚seau
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage d'impression
2008-07-23 08:36 . 2006-12-07 11:52 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\ModŠles
2008-07-23 08:36 . 2008-07-24 07:45 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Mes documents
2008-07-23 08:36 . 2006-12-07 12:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Menu D‚marrer
2008-07-23 08:36 . 2008-07-23 08:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Favoris
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Bureau
2008-07-23 08:36 . 2008-07-27 08:00 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001
2008-07-22 18:22 . 2008-07-22 18:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\kwkkphjy
2008-07-22 10:09 . 2008-07-22 10:09 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 08:06 . 2008-07-22 08:06 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\kwkkphjy
2008-07-21 08:49 . 2008-07-23 08:35 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.000
2008-07-21 07:40 . 2008-05-28 14:26 16,896 --a------ C:\WINDOWS\system32\rkx5b6zwk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:22 --------- d-----w C:\Program Files\Wanadoo
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:32 --------- d-----w C:\Documents and Settings\famille.MAURICE\Application Data\Canon
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A970955-A749-47F0-AD00-DD776594EDAC}]
2006-03-02 14:00 103936 --a------ c:\windows\system32\qdlzvsw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:27 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 17:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 17:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 17:12 49152]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\rkx5b6zwk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1504:UDP"= 1504:UDP:Windows Media Format SDK (iexplore.exe)
"1505:UDP"= 1505:UDP:Windows Media Format SDK (iexplore.exe)
"1506:UDP"= 1506:UDP:Windows Media Format SDK (iexplore.exe)
"2868:TCP"= 2868:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"60541:TCP"= 60541:TCP:@xpsp2res.dll,-22009
"21792:TCP"= 21792:TCP:@xpsp2res.dll,-22009
"45332:TCP"= 45332:TCP:@xpsp2res.dll,-22009
"61312:TCP"= 61312:TCP:@xpsp2res.dll,-22009
"25417:TCP"= 25417:TCP:@xpsp2res.dll,-22009
"53370:TCP"= 53370:TCP:@xpsp2res.dll,-22009
"34321:TCP"= 34321:TCP:@xpsp2res.dll,-22009
"52336:TCP"= 52336:TCP:@xpsp2res.dll,-22009
"47238:TCP"= 47238:TCP:@xpsp2res.dll,-22009
"1559:TCP"= 1559:TCP:@xpsp2res.dll,-22009
"7774:TCP"= 7774:TCP:@xpsp2res.dll,-22009
"10014:TCP"= 10014:TCP:@xpsp2res.dll,-22009
"56959:TCP"= 56959:TCP:@xpsp2res.dll,-22009
"54907:TCP"= 54907:TCP:@xpsp2res.dll,-22009
"37495:TCP"= 37495:TCP:@xpsp2res.dll,-22009
"61063:TCP"= 61063:TCP:@xpsp2res.dll,-22009
"65117:TCP"= 65117:TCP:@xpsp2res.dll,-22009
"3847:TCP"= 3847:TCP:@xpsp2res.dll,-22009
"11842:TCP"= 11842:TCP:@xpsp2res.dll,-22009
"34501:TCP"= 34501:TCP:@xpsp2res.dll,-22009
"34246:TCP"= 34246:TCP:@xpsp2res.dll,-22009
"47053:TCP"= 47053:TCP:@xpsp2res.dll,-22009
"39449:TCP"= 39449:TCP:@xpsp2res.dll,-22009
"1314:TCP"= 1314:TCP:@xpsp2res.dll,-22009
"48839:TCP"= 48839:TCP:@xpsp2res.dll,-22009
"61046:TCP"= 61046:TCP:@xpsp2res.dll,-22009
"18127:TCP"= 18127:TCP:@xpsp2res.dll,-22009
"20818:TCP"= 20818:TCP:@xpsp2res.dll,-22009
"63583:TCP"= 63583:TCP:@xpsp2res.dll,-22009
"38488:TCP"= 38488:TCP:@xpsp2res.dll,-22009
"30344:TCP"= 30344:TCP:@xpsp2res.dll,-22009
"56342:TCP"= 56342:TCP:@xpsp2res.dll,-22009
"42107:TCP"= 42107:TCP:@xpsp2res.dll,-22009
"34150:TCP"= 34150:TCP:@xpsp2res.dll,-22009
"18229:TCP"= 18229:TCP:@xpsp2res.dll,-22009
"33806:TCP"= 33806:TCP:@xpsp2res.dll,-22009
"48692:TCP"= 48692:TCP:@xpsp2res.dll,-22009
"50279:TCP"= 50279:TCP:@xpsp2res.dll,-22009
"63542:TCP"= 63542:TCP:@xpsp2res.dll,-22009
"45636:TCP"= 45636:TCP:@xpsp2res.dll,-22009
"11088:TCP"= 11088:TCP:@xpsp2res.dll,-22009
"37179:TCP"= 37179:TCP:@xpsp2res.dll,-22009
"39770:TCP"= 39770:TCP:@xpsp2res.dll,-22009
"1395:TCP"= 1395:TCP:@xpsp2res.dll,-22009
"49171:TCP"= 49171:TCP:@xpsp2res.dll,-22009
"55075:TCP"= 55075:TCP:@xpsp2res.dll,-22009
"44601:TCP"= 44601:TCP:@xpsp2res.dll,-22009
"57884:TCP"= 57884:TCP:@xpsp2res.dll,-22009
"4097:TCP"= 4097:TCP:@xpsp2res.dll,-22009
"2617:TCP"= 2617:TCP:@xpsp2res.dll,-22009
"63624:TCP"= 63624:TCP:@xpsp2res.dll,-22009
"41270:TCP"= 41270:TCP:@xpsp2res.dll,-22009
"20293:TCP"= 20293:TCP:@xpsp2res.dll,-22009
"19074:TCP"= 19074:TCP:@xpsp2res.dll,-22009
"7484:TCP"= 7484:TCP:@xpsp2res.dll,-22009
"47496:TCP"= 47496:TCP:@xpsp2res.dll,-22009
"62521:TCP"= 62521:TCP:@xpsp2res.dll,-22009
"19576:TCP"= 19576:TCP:@xpsp2res.dll,-22009
"18775:TCP"= 18775:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
R0 mfchtxkj;mfchtxkj;C:\WINDOWS\system32\drivers\mfchtxkj.sys [2006-03-02 14:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S0 Hns40;Hns40;C:\WINDOWS\system32\Drivers\Hns40.sys []
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-09 06:00]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-05-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE59BEFC-0358-4F9A-A1F4-4738B60C68EF} - C:\DOCUME~1\MAURIC~1.MAU\LOCALS~1\Temp\dm4.dll
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:42:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-28 17:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 15:47:15

Pre-Run: 32,520,851,456 octets libres
Post-Run: 33,128,939,520 octets libres

bonjour
voici le rapport comfix




ComboFix 08-07-27.5 - maurice2 2008-07-28 17:29:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.499 [GMT 2:00]
Endroit: C:\Documents and Settings\maurice2\Mes documents\Documents\vrac\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qdlzvsw.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Legacy_VRGLGBXO
-------\Service_vrglgbxo


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))
.

2008-07-28 10:53 . 2008-07-28 10:53 <REP> d-------- C:\Documents and Settings\jessie\Application Data\Malwarebytes
2008-07-26 14:21 . 2008-07-26 14:22 <REP> d-------- C:\Documents and Settings\jessie\Application Data\kwkkphjy
2008-07-26 11:40 . 2008-07-28 17:43 3,374,222 --a------ C:\WINDOWS\{00000002-00000000-00000008-00001102-00000002-80651102}.BAK
2008-07-26 11:39 . 2008-07-26 11:39 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 08:30 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 09:34 . 2008-07-25 09:34 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\AVGTOOLBAR
2008-07-25 09:33 . 2008-07-25 09:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 08:00 . 2008-07-25 08:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 08:00 . 2008-07-25 08:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 07:38 . 2008-07-24 07:38 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\kwkkphjy
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage r‚seau
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage d'impression
2008-07-23 08:36 . 2006-12-07 11:52 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\ModŠles
2008-07-23 08:36 . 2008-07-24 07:45 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Mes documents
2008-07-23 08:36 . 2006-12-07 12:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Menu D‚marrer
2008-07-23 08:36 . 2008-07-23 08:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Favoris
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Bureau
2008-07-23 08:36 . 2008-07-27 08:00 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001
2008-07-22 18:22 . 2008-07-22 18:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\kwkkphjy
2008-07-22 10:09 . 2008-07-22 10:09 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 08:06 . 2008-07-22 08:06 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\kwkkphjy
2008-07-21 08:49 . 2008-07-23 08:35 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.000
2008-07-21 07:40 . 2008-05-28 14:26 16,896 --a------ C:\WINDOWS\system32\rkx5b6zwk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:22 --------- d-----w C:\Program Files\Wanadoo
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:32 --------- d-----w C:\Documents and Settings\famille.MAURICE\Application Data\Canon
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A970955-A749-47F0-AD00-DD776594EDAC}]
2006-03-02 14:00 103936 --a------ c:\windows\system32\qdlzvsw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:27 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 17:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 17:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 17:12 49152]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\rkx5b6zwk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1504:UDP"= 1504:UDP:Windows Media Format SDK (iexplore.exe)
"1505:UDP"= 1505:UDP:Windows Media Format SDK (iexplore.exe)
"1506:UDP"= 1506:UDP:Windows Media Format SDK (iexplore.exe)
"2868:TCP"= 2868:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"60541:TCP"= 60541:TCP:@xpsp2res.dll,-22009
"21792:TCP"= 21792:TCP:@xpsp2res.dll,-22009
"45332:TCP"= 45332:TCP:@xpsp2res.dll,-22009
"61312:TCP"= 61312:TCP:@xpsp2res.dll,-22009
"25417:TCP"= 25417:TCP:@xpsp2res.dll,-22009
"53370:TCP"= 53370:TCP:@xpsp2res.dll,-22009
"34321:TCP"= 34321:TCP:@xpsp2res.dll,-22009
"52336:TCP"= 52336:TCP:@xpsp2res.dll,-22009
"47238:TCP"= 47238:TCP:@xpsp2res.dll,-22009
"1559:TCP"= 1559:TCP:@xpsp2res.dll,-22009
"7774:TCP"= 7774:TCP:@xpsp2res.dll,-22009
"10014:TCP"= 10014:TCP:@xpsp2res.dll,-22009
"56959:TCP"= 56959:TCP:@xpsp2res.dll,-22009
"54907:TCP"= 54907:TCP:@xpsp2res.dll,-22009
"37495:TCP"= 37495:TCP:@xpsp2res.dll,-22009
"61063:TCP"= 61063:TCP:@xpsp2res.dll,-22009
"65117:TCP"= 65117:TCP:@xpsp2res.dll,-22009
"3847:TCP"= 3847:TCP:@xpsp2res.dll,-22009
"11842:TCP"= 11842:TCP:@xpsp2res.dll,-22009
"34501:TCP"= 34501:TCP:@xpsp2res.dll,-22009
"34246:TCP"= 34246:TCP:@xpsp2res.dll,-22009
"47053:TCP"= 47053:TCP:@xpsp2res.dll,-22009
"39449:TCP"= 39449:TCP:@xpsp2res.dll,-22009
"1314:TCP"= 1314:TCP:@xpsp2res.dll,-22009
"48839:TCP"= 48839:TCP:@xpsp2res.dll,-22009
"61046:TCP"= 61046:TCP:@xpsp2res.dll,-22009
"18127:TCP"= 18127:TCP:@xpsp2res.dll,-22009
"20818:TCP"= 20818:TCP:@xpsp2res.dll,-22009
"63583:TCP"= 63583:TCP:@xpsp2res.dll,-22009
"38488:TCP"= 38488:TCP:@xpsp2res.dll,-22009
"30344:TCP"= 30344:TCP:@xpsp2res.dll,-22009
"56342:TCP"= 56342:TCP:@xpsp2res.dll,-22009
"42107:TCP"= 42107:TCP:@xpsp2res.dll,-22009
"34150:TCP"= 34150:TCP:@xpsp2res.dll,-22009
"18229:TCP"= 18229:TCP:@xpsp2res.dll,-22009
"33806:TCP"= 33806:TCP:@xpsp2res.dll,-22009
"48692:TCP"= 48692:TCP:@xpsp2res.dll,-22009
"50279:TCP"= 50279:TCP:@xpsp2res.dll,-22009
"63542:TCP"= 63542:TCP:@xpsp2res.dll,-22009
"45636:TCP"= 45636:TCP:@xpsp2res.dll,-22009
"11088:TCP"= 11088:TCP:@xpsp2res.dll,-22009
"37179:TCP"= 37179:TCP:@xpsp2res.dll,-22009
"39770:TCP"= 39770:TCP:@xpsp2res.dll,-22009
"1395:TCP"= 1395:TCP:@xpsp2res.dll,-22009
"49171:TCP"= 49171:TCP:@xpsp2res.dll,-22009
"55075:TCP"= 55075:TCP:@xpsp2res.dll,-22009
"44601:TCP"= 44601:TCP:@xpsp2res.dll,-22009
"57884:TCP"= 57884:TCP:@xpsp2res.dll,-22009
"4097:TCP"= 4097:TCP:@xpsp2res.dll,-22009
"2617:TCP"= 2617:TCP:@xpsp2res.dll,-22009
"63624:TCP"= 63624:TCP:@xpsp2res.dll,-22009
"41270:TCP"= 41270:TCP:@xpsp2res.dll,-22009
"20293:TCP"= 20293:TCP:@xpsp2res.dll,-22009
"19074:TCP"= 19074:TCP:@xpsp2res.dll,-22009
"7484:TCP"= 7484:TCP:@xpsp2res.dll,-22009
"47496:TCP"= 47496:TCP:@xpsp2res.dll,-22009
"62521:TCP"= 62521:TCP:@xpsp2res.dll,-22009
"19576:TCP"= 19576:TCP:@xpsp2res.dll,-22009
"18775:TCP"= 18775:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
R0 mfchtxkj;mfchtxkj;C:\WINDOWS\system32\drivers\mfchtxkj.sys [2006-03-02 14:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S0 Hns40;Hns40;C:\WINDOWS\system32\Drivers\Hns40.sys []
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-09 06:00]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-05-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE59BEFC-0358-4F9A-A1F4-4738B60C68EF} - C:\DOCUME~1\MAURIC~1.MAU\LOCALS~1\Temp\dm4.dll
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:42:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-28 17:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 15:47:15

Pre-Run: 32,520,851,456 octets libres
Post-Run: 33,128,939,520 octets libres

bonjour
voici le rapport comfix




ComboFix 08-07-27.5 - maurice2 2008-07-28 17:29:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.499 [GMT 2:00]
Endroit: C:\Documents and Settings\maurice2\Mes documents\Documents\vrac\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qdlzvsw.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Legacy_VRGLGBXO
-------\Service_vrglgbxo


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))
.

2008-07-28 10:53 . 2008-07-28 10:53 <REP> d-------- C:\Documents and Settings\jessie\Application Data\Malwarebytes
2008-07-26 14:21 . 2008-07-26 14:22 <REP> d-------- C:\Documents and Settings\jessie\Application Data\kwkkphjy
2008-07-26 11:40 . 2008-07-28 17:43 3,374,222 --a------ C:\WINDOWS\{00000002-00000000-00000008-00001102-00000002-80651102}.BAK
2008-07-26 11:39 . 2008-07-26 11:39 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 08:30 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 09:34 . 2008-07-25 09:34 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\AVGTOOLBAR
2008-07-25 09:33 . 2008-07-25 09:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 08:00 . 2008-07-25 08:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 08:00 . 2008-07-25 08:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 07:38 . 2008-07-24 07:38 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\kwkkphjy
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage r‚seau
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage d'impression
2008-07-23 08:36 . 2006-12-07 11:52 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\ModŠles
2008-07-23 08:36 . 2008-07-24 07:45 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Mes documents
2008-07-23 08:36 . 2006-12-07 12:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Menu D‚marrer
2008-07-23 08:36 . 2008-07-23 08:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Favoris
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Bureau
2008-07-23 08:36 . 2008-07-27 08:00 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001
2008-07-22 18:22 . 2008-07-22 18:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\kwkkphjy
2008-07-22 10:09 . 2008-07-22 10:09 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 08:06 . 2008-07-22 08:06 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\kwkkphjy
2008-07-21 08:49 . 2008-07-23 08:35 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.000
2008-07-21 07:40 . 2008-05-28 14:26 16,896 --a------ C:\WINDOWS\system32\rkx5b6zwk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:22 --------- d-----w C:\Program Files\Wanadoo
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:32 --------- d-----w C:\Documents and Settings\famille.MAURICE\Application Data\Canon
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A970955-A749-47F0-AD00-DD776594EDAC}]
2006-03-02 14:00 103936 --a------ c:\windows\system32\qdlzvsw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:27 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 17:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 17:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 17:12 49152]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\rkx5b6zwk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1504:UDP"= 1504:UDP:Windows Media Format SDK (iexplore.exe)
"1505:UDP"= 1505:UDP:Windows Media Format SDK (iexplore.exe)
"1506:UDP"= 1506:UDP:Windows Media Format SDK (iexplore.exe)
"2868:TCP"= 2868:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"60541:TCP"= 60541:TCP:@xpsp2res.dll,-22009
"21792:TCP"= 21792:TCP:@xpsp2res.dll,-22009
"45332:TCP"= 45332:TCP:@xpsp2res.dll,-22009
"61312:TCP"= 61312:TCP:@xpsp2res.dll,-22009
"25417:TCP"= 25417:TCP:@xpsp2res.dll,-22009
"53370:TCP"= 53370:TCP:@xpsp2res.dll,-22009
"34321:TCP"= 34321:TCP:@xpsp2res.dll,-22009
"52336:TCP"= 52336:TCP:@xpsp2res.dll,-22009
"47238:TCP"= 47238:TCP:@xpsp2res.dll,-22009
"1559:TCP"= 1559:TCP:@xpsp2res.dll,-22009
"7774:TCP"= 7774:TCP:@xpsp2res.dll,-22009
"10014:TCP"= 10014:TCP:@xpsp2res.dll,-22009
"56959:TCP"= 56959:TCP:@xpsp2res.dll,-22009
"54907:TCP"= 54907:TCP:@xpsp2res.dll,-22009
"37495:TCP"= 37495:TCP:@xpsp2res.dll,-22009
"61063:TCP"= 61063:TCP:@xpsp2res.dll,-22009
"65117:TCP"= 65117:TCP:@xpsp2res.dll,-22009
"3847:TCP"= 3847:TCP:@xpsp2res.dll,-22009
"11842:TCP"= 11842:TCP:@xpsp2res.dll,-22009
"34501:TCP"= 34501:TCP:@xpsp2res.dll,-22009
"34246:TCP"= 34246:TCP:@xpsp2res.dll,-22009
"47053:TCP"= 47053:TCP:@xpsp2res.dll,-22009
"39449:TCP"= 39449:TCP:@xpsp2res.dll,-22009
"1314:TCP"= 1314:TCP:@xpsp2res.dll,-22009
"48839:TCP"= 48839:TCP:@xpsp2res.dll,-22009
"61046:TCP"= 61046:TCP:@xpsp2res.dll,-22009
"18127:TCP"= 18127:TCP:@xpsp2res.dll,-22009
"20818:TCP"= 20818:TCP:@xpsp2res.dll,-22009
"63583:TCP"= 63583:TCP:@xpsp2res.dll,-22009
"38488:TCP"= 38488:TCP:@xpsp2res.dll,-22009
"30344:TCP"= 30344:TCP:@xpsp2res.dll,-22009
"56342:TCP"= 56342:TCP:@xpsp2res.dll,-22009
"42107:TCP"= 42107:TCP:@xpsp2res.dll,-22009
"34150:TCP"= 34150:TCP:@xpsp2res.dll,-22009
"18229:TCP"= 18229:TCP:@xpsp2res.dll,-22009
"33806:TCP"= 33806:TCP:@xpsp2res.dll,-22009
"48692:TCP"= 48692:TCP:@xpsp2res.dll,-22009
"50279:TCP"= 50279:TCP:@xpsp2res.dll,-22009
"63542:TCP"= 63542:TCP:@xpsp2res.dll,-22009
"45636:TCP"= 45636:TCP:@xpsp2res.dll,-22009
"11088:TCP"= 11088:TCP:@xpsp2res.dll,-22009
"37179:TCP"= 37179:TCP:@xpsp2res.dll,-22009
"39770:TCP"= 39770:TCP:@xpsp2res.dll,-22009
"1395:TCP"= 1395:TCP:@xpsp2res.dll,-22009
"49171:TCP"= 49171:TCP:@xpsp2res.dll,-22009
"55075:TCP"= 55075:TCP:@xpsp2res.dll,-22009
"44601:TCP"= 44601:TCP:@xpsp2res.dll,-22009
"57884:TCP"= 57884:TCP:@xpsp2res.dll,-22009
"4097:TCP"= 4097:TCP:@xpsp2res.dll,-22009
"2617:TCP"= 2617:TCP:@xpsp2res.dll,-22009
"63624:TCP"= 63624:TCP:@xpsp2res.dll,-22009
"41270:TCP"= 41270:TCP:@xpsp2res.dll,-22009
"20293:TCP"= 20293:TCP:@xpsp2res.dll,-22009
"19074:TCP"= 19074:TCP:@xpsp2res.dll,-22009
"7484:TCP"= 7484:TCP:@xpsp2res.dll,-22009
"47496:TCP"= 47496:TCP:@xpsp2res.dll,-22009
"62521:TCP"= 62521:TCP:@xpsp2res.dll,-22009
"19576:TCP"= 19576:TCP:@xpsp2res.dll,-22009
"18775:TCP"= 18775:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
R0 mfchtxkj;mfchtxkj;C:\WINDOWS\system32\drivers\mfchtxkj.sys [2006-03-02 14:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S0 Hns40;Hns40;C:\WINDOWS\system32\Drivers\Hns40.sys []
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-09 06:00]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-05-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE59BEFC-0358-4F9A-A1F4-4738B60C68EF} - C:\DOCUME~1\MAURIC~1.MAU\LOCALS~1\Temp\dm4.dll
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:42:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-28 17:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 15:47:15

Pre-Run: 32,520,851,456 octets libres
Post-Run: 33,128,939,520 octets libres

bonjour
voici le rapport comfix




ComboFix 08-07-27.5 - maurice2 2008-07-28 17:29:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.499 [GMT 2:00]
Endroit: C:\Documents and Settings\maurice2\Mes documents\Documents\vrac\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qdlzvsw.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Legacy_VRGLGBXO
-------\Service_vrglgbxo


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))
.

2008-07-28 10:53 . 2008-07-28 10:53 <REP> d-------- C:\Documents and Settings\jessie\Application Data\Malwarebytes
2008-07-26 14:21 . 2008-07-26 14:22 <REP> d-------- C:\Documents and Settings\jessie\Application Data\kwkkphjy
2008-07-26 11:40 . 2008-07-28 17:43 3,374,222 --a------ C:\WINDOWS\{00000002-00000000-00000008-00001102-00000002-80651102}.BAK
2008-07-26 11:39 . 2008-07-26 11:39 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-26 08:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 08:30 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 08:30 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-25 09:34 . 2008-07-25 09:34 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\AVGTOOLBAR
2008-07-25 09:33 . 2008-07-25 09:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 08:00 . 2008-07-25 08:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 08:00 . 2008-07-25 08:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 07:38 . 2008-07-24 07:38 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Application Data\kwkkphjy
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage r‚seau
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\Voisinage d'impression
2008-07-23 08:36 . 2006-12-07 11:52 <REP> d--h----- C:\Documents and Settings\maurice2_2.MAURICE.001\ModŠles
2008-07-23 08:36 . 2008-07-24 07:45 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Mes documents
2008-07-23 08:36 . 2006-12-07 12:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Menu D‚marrer
2008-07-23 08:36 . 2008-07-23 08:37 <REP> dr------- C:\Documents and Settings\maurice2_2.MAURICE.001\Favoris
2008-07-23 08:36 . 2006-12-07 12:37 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001\Bureau
2008-07-23 08:36 . 2008-07-27 08:00 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.001
2008-07-22 18:22 . 2008-07-22 18:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\kwkkphjy
2008-07-22 10:09 . 2008-07-22 10:09 <REP> d-------- C:\Program Files\CCleaner
2008-07-22 08:06 . 2008-07-22 08:06 <REP> d-------- C:\Documents and Settings\maurice2\Application Data\kwkkphjy
2008-07-21 08:49 . 2008-07-23 08:35 <REP> d-------- C:\Documents and Settings\maurice2_2.MAURICE.000
2008-07-21 07:40 . 2008-05-28 14:26 16,896 --a------ C:\WINDOWS\system32\rkx5b6zwk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 15:22 --------- d-----w C:\Program Files\Wanadoo
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 18:32 --------- d-----w C:\Documents and Settings\famille.MAURICE\Application Data\Canon
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A970955-A749-47F0-AD00-DD776594EDAC}]
2006-03-02 14:00 103936 --a------ c:\windows\system32\qdlzvsw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 16:27 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 17:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 17:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 17:12 49152]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"rkx5b6zwk"="C:\WINDOWS\system32\rkx5b6zwk.exe" [2008-05-28 14:26 16896]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hns40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\rkx5b6zwk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1504:UDP"= 1504:UDP:Windows Media Format SDK (iexplore.exe)
"1505:UDP"= 1505:UDP:Windows Media Format SDK (iexplore.exe)
"1506:UDP"= 1506:UDP:Windows Media Format SDK (iexplore.exe)
"2868:TCP"= 2868:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"60541:TCP"= 60541:TCP:@xpsp2res.dll,-22009
"21792:TCP"= 21792:TCP:@xpsp2res.dll,-22009
"45332:TCP"= 45332:TCP:@xpsp2res.dll,-22009
"61312:TCP"= 61312:TCP:@xpsp2res.dll,-22009
"25417:TCP"= 25417:TCP:@xpsp2res.dll,-22009
"53370:TCP"= 53370:TCP:@xpsp2res.dll,-22009
"34321:TCP"= 34321:TCP:@xpsp2res.dll,-22009
"52336:TCP"= 52336:TCP:@xpsp2res.dll,-22009
"47238:TCP"= 47238:TCP:@xpsp2res.dll,-22009
"1559:TCP"= 1559:TCP:@xpsp2res.dll,-22009
"7774:TCP"= 7774:TCP:@xpsp2res.dll,-22009
"10014:TCP"= 10014:TCP:@xpsp2res.dll,-22009
"56959:TCP"= 56959:TCP:@xpsp2res.dll,-22009
"54907:TCP"= 54907:TCP:@xpsp2res.dll,-22009
"37495:TCP"= 37495:TCP:@xpsp2res.dll,-22009
"61063:TCP"= 61063:TCP:@xpsp2res.dll,-22009
"65117:TCP"= 65117:TCP:@xpsp2res.dll,-22009
"3847:TCP"= 3847:TCP:@xpsp2res.dll,-22009
"11842:TCP"= 11842:TCP:@xpsp2res.dll,-22009
"34501:TCP"= 34501:TCP:@xpsp2res.dll,-22009
"34246:TCP"= 34246:TCP:@xpsp2res.dll,-22009
"47053:TCP"= 47053:TCP:@xpsp2res.dll,-22009
"39449:TCP"= 39449:TCP:@xpsp2res.dll,-22009
"1314:TCP"= 1314:TCP:@xpsp2res.dll,-22009
"48839:TCP"= 48839:TCP:@xpsp2res.dll,-22009
"61046:TCP"= 61046:TCP:@xpsp2res.dll,-22009
"18127:TCP"= 18127:TCP:@xpsp2res.dll,-22009
"20818:TCP"= 20818:TCP:@xpsp2res.dll,-22009
"63583:TCP"= 63583:TCP:@xpsp2res.dll,-22009
"38488:TCP"= 38488:TCP:@xpsp2res.dll,-22009
"30344:TCP"= 30344:TCP:@xpsp2res.dll,-22009
"56342:TCP"= 56342:TCP:@xpsp2res.dll,-22009
"42107:TCP"= 42107:TCP:@xpsp2res.dll,-22009
"34150:TCP"= 34150:TCP:@xpsp2res.dll,-22009
"18229:TCP"= 18229:TCP:@xpsp2res.dll,-22009
"33806:TCP"= 33806:TCP:@xpsp2res.dll,-22009
"48692:TCP"= 48692:TCP:@xpsp2res.dll,-22009
"50279:TCP"= 50279:TCP:@xpsp2res.dll,-22009
"63542:TCP"= 63542:TCP:@xpsp2res.dll,-22009
"45636:TCP"= 45636:TCP:@xpsp2res.dll,-22009
"11088:TCP"= 11088:TCP:@xpsp2res.dll,-22009
"37179:TCP"= 37179:TCP:@xpsp2res.dll,-22009
"39770:TCP"= 39770:TCP:@xpsp2res.dll,-22009
"1395:TCP"= 1395:TCP:@xpsp2res.dll,-22009
"49171:TCP"= 49171:TCP:@xpsp2res.dll,-22009
"55075:TCP"= 55075:TCP:@xpsp2res.dll,-22009
"44601:TCP"= 44601:TCP:@xpsp2res.dll,-22009
"57884:TCP"= 57884:TCP:@xpsp2res.dll,-22009
"4097:TCP"= 4097:TCP:@xpsp2res.dll,-22009
"2617:TCP"= 2617:TCP:@xpsp2res.dll,-22009
"63624:TCP"= 63624:TCP:@xpsp2res.dll,-22009
"41270:TCP"= 41270:TCP:@xpsp2res.dll,-22009
"20293:TCP"= 20293:TCP:@xpsp2res.dll,-22009
"19074:TCP"= 19074:TCP:@xpsp2res.dll,-22009
"7484:TCP"= 7484:TCP:@xpsp2res.dll,-22009
"47496:TCP"= 47496:TCP:@xpsp2res.dll,-22009
"62521:TCP"= 62521:TCP:@xpsp2res.dll,-22009
"19576:TCP"= 19576:TCP:@xpsp2res.dll,-22009
"18775:TCP"= 18775:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
R0 mfchtxkj;mfchtxkj;C:\WINDOWS\system32\drivers\mfchtxkj.sys [2006-03-02 14:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S0 Hns40;Hns40;C:\WINDOWS\system32\Drivers\Hns40.sys []
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-08-09 06:00]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-05-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{BE59BEFC-0358-4F9A-A1F4-4738B60C68EF} - C:\DOCUME~1\MAURIC~1.MAU\LOCALS~1\Temp\dm4.dll
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:42:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-28 17:47:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 15:47:15

Pre-Run: 32,520,851,456 octets libres
Post-Run: 33,128,939,520 octets libres

C'est effectivement conformé par le scan de Malwarebyte 3 clef infectées et 4 fichiers
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 985
Windows 5.1.2600 Service Pack 2

21:13:27 30/07/2008
mbam-log-7-30-2008 (21-13-00).txt

Type de recherche: Examen rapide
Eléments examinés: 50527
Temps écoulé: 6 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a970955-a749-47f0-ad00-dd776594edac} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7a970955-a749-47f0-ad00-dd776594edac} (Trojan.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\qdlzvsw.dll (Trojan.BHO) -> No action taken.

bonjour
je confirme que le menu démarrer est bien configurer comme indiqué ci-dessus et cependant le répétoire DOCUME~1
et le fichier HNS40.sys n'apparaissent avec l'explorateur
Une recherche sous windows ne trouve rien