Infections Spywares,....

Merci de ta réponse rapide. Voici les 2 rapports demandés

############################################
-----------------Voici le rapport Cleannavi:-----------------------------------------
###################################################"

Clean Navipromo version 3.6.5 commencé le 03/09/2008 à 15:23:42,35

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Manu"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16711
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Users\Manu\AppData\Local\wsecskc.dat réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc.exe réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc_nav.dat réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Users\Manu\AppData\Local\wsecskc.dat supprimé !
C:\Users\Manu\AppData\Local\wsecskc.exe supprimé !
C:\Users\Manu\AppData\Local\wsecskc_nav.dat supprimé !
C:\Users\Manu\AppData\Local\wsecskc_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\Windows\system32" *


C:\Windows\prefetch\wsecskc*.pf trouvé !
Copie C:\Windows\prefetch\wsecskc*.pf réalisée avec succès !
C:\Windows\prefetch\wsecskc*.pf supprimé !


* Dans "C:\Users\Manu\AppData\Local\Microsoft" *



* Dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *



* Dans "C:\Users\Manu\AppData\Local" *



*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Manu\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\Manu\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\manu\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Manu\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Manu\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Manu\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\Manu\AppData\Local\Microsoft" *


* Dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\Manu\AppData\Local" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gkeumco"="c:\\users\\manu\\appdata\\local\\gkeumco.exe gkeumco"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igiccym"="c:\\users\\manu\\appdata\\local\\igiccym.exe igiccym"



*** Nettoyage terminé le 03/09/2008 à 15:34:15,37 ***


############################################
-----------------Voici le rapport HJT suite au rapport Cleannavi-----------------------------------------
###################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:43, on 03/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\logiciel\NetMeter\NetMeter.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Manu\Desktop\vpngui.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html

TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/?ref=go

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html

TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\logiciel\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [gkeumco] c:\users\manu\appdata\local\gkeumco.exe gkeumco
O4 - HKCU\..\Run: [igiccym] c:\users\manu\appdata\local\igiccym.exe igiccym
O4 - HKCU\..\Run: [ecomykk] "c:\users\manu\appdata\local\ecomykk.exe" ecomykk
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [C:\Program Files\logiciel\NetMeter\NetMeter.exe] C:\Program Files\logiciel\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE

LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: Domain = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: NameServer =

134.214.100.6,134.214.100.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick

Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN

Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health

Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio

MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing

Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

pas ici,légitime...
O13 - Gopher Prefix: légitime sous vista
et pour O4 - Global Startup: VPN Client.lnk = ? on verra après

Voila le rapport combofix et le rapport HJT.
Pour info sur "O4 - Global Startup: VPN Client.lnk = ? on verra après", VPN correspond à un logiciel utilisé pour se connecter au net par l'intermédiaire de Cisco dans ma résidence étudiante.


########################################################
------------------------------Rapport Combofix-------------------------------------------------------------
########################################################

ComboFix 08-09-01.05 - Manu 2008-09-03 16:27:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.363 [GMT 2:00]
Endroit: C:\Users\Manu\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Manu\AppData\Roaming\inst.exe
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\#SharedObjects\VGX4HXFE\bin.clearspring.com
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@2o7[1].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@ad.yieldmanager[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@clicktorrent[1].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@edt02[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@serving-sys[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@www.clicktorrent[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@wysistat[2].txt

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 13:52 --------- d-----w C:\Users\Manu\AppData\Roaming\Skype
2008-09-03 13:35 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-03 13:34 --------- d-----w C:\Program Files\Navilog1
2008-09-03 08:56 49,070 ----a-w C:\Users\Manu\AppData\Roaming\nvModes.dat
2008-08-31 10:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-16 08:13 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-14 16:53 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 12:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 14:48 --------- d-----w C:\Program Files\Avast4
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 17:45 --------- d-----w C:\Program Files\DivX
2008-07-12 03:53 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 10:08 --------- d-----w C:\Program Files\iTunes
2008-07-05 10:07 --------- d-----w C:\Program Files\iPod
2008-07-05 10:01 --------- d-----w C:\Program Files\logiciel
2008-07-05 09:54 --------- d-----w C:\Program Files\Apple Software Update
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-02 11:33 47,360 ----a-w C:\Users\Manu\AppData\Roaming\pcouffin.sys
2007-05-23 18:12 926 ----a-w C:\Users\Manu\AppData\Roaming\wklnhst.dat
2007-08-14 17:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-14 17:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-14 17:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-14 20034600]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Google Update"="C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"C:\Program Files\logiciel\NetMeter\NetMeter.exe"="C:\Program Files\logiciel\NetMeter\NetMeter.exe" [2007-06-02 330240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\logiciel\quicktime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-02-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.MJPG"= m3jpeg32.dll
"msacm.DivXa32"= msaud32_divx.acm
"vidc.div4"= DivXc32f.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-124188700-1687320406-2883521384-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{050CC300-DECD-4AD7-811C-83818ECBD84C}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4CBB9EE7-0F3A-4F8C-8D19-FF16950DA67C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E69EF1B0-AAE5-4ED9-B32F-E621B97A755C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9B1484D8-CBAC-4A19-A476-CBE636BCF346}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7DA5CA34-4599-4620-8761-A106AE746E8D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{76720941-65FD-4759-BEF1-A58691ACFFCC}"= UDP:45116:Emu
"{DEF02AAB-AA77-47C1-B869-E0302EF853CD}"= TCP:24136:Emu
"TCP Query User{45CBC56F-DD50-43CE-ADF4-F9C236FC4EA8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{23A6646A-F7CA-4218-BD7D-5AEF88D3B84F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9E3315B1-8992-4817-A8C6-41886AF714C4}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{FE477B02-6A99-45F9-A142-55932E1BFA82}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{EFDEDC77-9D2C-4886-9861-A5E8B5BF5331}C:\\program files\\tv\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tv\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{77A8CAE1-15CD-4BCB-BB1D-44AECA5C6CF6}C:\\program files\\tv\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tv\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{4D8AB1FF-1A44-42BE-8B96-B1C88486697A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF5160D7-54B1-4F97-B683-0932EAD0CD32}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{9EDA90D8-36E2-4E7D-ACC2-FA535D63F2B5}C:\\program files\\tv\\sopcast\\sopcast.exe"= UDP:C:\program files\tv\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{55149E0D-0DA5-44B8-BCC0-61EDD694C8A5}C:\\program files\\tv\\sopcast\\sopcast.exe"= TCP:C:\program files\tv\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7EA9E909-927C-4BEE-A3E4-552EA9BFD42C}C:\\users\\manu\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\manu\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{CD41366A-EC3F-400F-8A2F-57E1B954FDC1}C:\\users\\manu\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\manu\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{F4C36C0B-54BB-4275-8DE3-FA72B7435C9F}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{9549F2C3-7BBF-4A7D-87D5-CE679D2CAC4C}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{4365171B-6B9A-4B6B-A5B5-D52AD00D6119}C:\\program files\\ppmate\\ppmnet.exe"= UDP:C:\program files\ppmate\ppmnet.exe:ppmnet Module
"UDP Query User{674E2F74-8325-43EB-BA8C-A759D754F277}C:\\program files\\ppmate\\ppmnet.exe"= TCP:C:\program files\ppmate\ppmnet.exe:ppmnet Module
"TCP Query User{38F6D727-F263-491C-B237-29C4B5E29129}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{437CAC95-B019-4B57-9E31-1379CD209B32}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{41489337-2D7B-4E1E-A140-31F40D987D83}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9303BD37-610D-4B0B-B318-80ECD9C0CDB0}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{A3DB73BF-2CA4-44D7-B5DD-8314BC7DF760}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{176915CC-B317-4736-A19D-3CF57A49DDD9}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{89BF5E67-B323-4DD9-932A-694692885B2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32A9C596-27B3-4355-926D-15B623E6B0EF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36D5295B-9BF0-40E7-9400-5818D6169E04}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{69089EFC-1744-4516-B238-55D752AB706B}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{76ED5E5A-971E-463A-BEF7-E2B9B3D2EA71}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{7A665FC1-A1C2-428F-A6B2-4E44D1653B17}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{C09000C0-724D-4CEC-B808-07DB0D02C523}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{CBA4DF1F-3F96-4D9B-9544-FA224A88D68C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{BA676734-8711-4E46-BB07-E6BC27476F60}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{176886E1-A406-4B74-A302-F1039CA0A2FD}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{01FF924D-F78F-4694-95FF-26D8DC4FC87B}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{89F862A5-AEB4-4435-80E2-D6D960628E29}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{AD4489A7-4A4A-4E31-9364-5619F4450CA7}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{9E472CD5-728B-4BE4-8862-A71347BD3E7E}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{6BFB616C-0D3E-4732-A44A-51335FE73B90}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"{56DA606D-3671-4389-9D82-5C635CF891C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0481D1C5-FB81-47BE-94FD-1EFB791734D8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{1F4AA5F2-0410-4A7A-8E4E-4FE9E907964B}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{77F13AAF-B0E7-425C-839F-2D8593983367}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A7B481B9-F98F-4249-AAD7-1D9B63DD20B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DC5233EA-56AE-46D9-B49E-A130B8FF6CA1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 vidcap;vidcap;C:\Windows\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-19 87288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{473c518d-1b43-11dd-83e7-001636e83f77}]
\shell\AutoRun\command - H:\loader.exe /no hidden
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ecomykk - c:\users\manu\appdata\local\ecomykk.exe
HKLM-Run-Easy PDF Creator - C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\zx93sr10.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nprpjplug.dll
FF -: plugin - C:\Users\Manu\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 16:35:49
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Program Files\\logiciel\\NetMeter\\NetMeter.exe"="C:\\Program Files\\logiciel\\NetMeter\\NetMeter.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 16:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 14:45:28

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 5,751,095,296 octets libres

254 --- E O F --- 2008-08-21 20:25:26


########################################################
------------------------------Rapport HJT Retour a la ligné décoché-------------------------------------------------------------
########################################################



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:30, on 03/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\logiciel\NetMeter\NetMeter.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Manu\Desktop\vpngui.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\logiciel\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [C:\Program Files\logiciel\NetMeter\NetMeter.exe] C:\Program Files\logiciel\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: Domain = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: NameServer = 134.214.100.6,134.214.100.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Arf... , j'ai un petit soucis pour lancer le script RunThis.bat: apès le double-clic, une fenêtre s'ouvre puis se referme aussitôt. Je ne peux donc pas appuyer sur la touche "Y". Est-ce normal? Que dois-je faire?

Merci

Apparemment, cette action de change rien chez moi: même avec la case décochée, la fenêtre se ferme toujours après le lancement du script...

voilà le rapport mais pas d'éléments infectés:

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1110
Windows 6.0.6000

03/09/2008 21:26:41
mbam-log-2008-09-03 (21-26-41).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 196384
Temps écoulé: 52 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Alors en redémarrant en mode sans échec, j'ai toujours le même problème. En revanche, en mode normal, je peux lancer l'application. Aue dois-je faire: lancer l'application en mode normal?

Je n'ai pas envie de faire une mauvaise manip'. Voilà ce que me propose SDFIX au lancement de RunThis en mode normal:
1. Download/Run a-squared from EMSI Software
2. Download/Run Norman Malware Cleaner from Norman
3. Download/Run SAV32CLI from Sophos
4. DL/Run AVPTool from kapersky

A. Create System report
B. Create Service/Driver List
C; Create Catchme Log
D. Export Safeboot Key

H. Add Windows Default Hosts file
R. Repair Safeboot Key

U. DL latest version of SDFix


Quelle opérations dois-je lancer?

Voilà le rapport LOP:


--------------------\\ Lop S&D 4.2.4-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2060 @ 1.60GHz )
BIOS : Ver 1.00PARTTBLv
USER : Manu ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080903-0] 4.8.1229 (Activated)

"C:\Lop SD" ( MAJ : 04-09-2008|09:55 )
Option : [1] ( 04/09/2008|14:50 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[09/02/2008|18:26] C:\Users\Manu\AppData\Local\Adobe
[22/08/2007|14:40] C:\Users\Manu\AppData\Local\Apple
[13/03/2008|23:01] C:\Users\Manu\AppData\Local\Apple Computer
[01/05/2007|10:47] C:\Users\Manu\AppData\Local\Application Data
[01/05/2007|11:09] C:\Users\Manu\AppData\Local\AtStart.txt
[05/08/2008|19:15] C:\Users\Manu\AppData\Local\d3d9caps.dat
[03/09/2008|15:42] C:\Users\Manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[01/05/2007|11:09] C:\Users\Manu\AppData\Local\DSwitch.txt
[01/09/2007|11:08] C:\Users\Manu\AppData\Local\eMule
[13/02/2008|18:09] C:\Users\Manu\AppData\Local\GDIPFONTCACHEV1.DAT
[08/10/2007|14:44] C:\Users\Manu\AppData\Local\GlobalSCAPE
[04/09/2008|11:15] C:\Users\Manu\AppData\Local\Google
[01/05/2007|10:47] C:\Users\Manu\AppData\Local\Historique
[12/02/2008|09:23] C:\Users\Manu\AppData\Local\Installer304
[12/02/2008|09:45] C:\Users\Manu\AppData\Local\Installer4376
[08/05/2007|19:26] C:\Users\Manu\AppData\Local\IsolatedStorage
[21/05/2007|19:28] C:\Users\Manu\AppData\Local\Macromedia
[03/09/2008|15:34] C:\Users\Manu\AppData\Local\Microsoft
[02/05/2007|17:25] C:\Users\Manu\AppData\Local\Microsoft Games
[30/09/2007|11:47] C:\Users\Manu\AppData\Local\Microsoft Help
[19/10/2007|09:11] C:\Users\Manu\AppData\Local\Mozilla
[22/08/2008|14:42] C:\Users\Manu\AppData\Local\nmscah.bat
[01/05/2007|11:09] C:\Users\Manu\AppData\Local\QSwitch.txt
[20/05/2007|16:28] C:\Users\Manu\AppData\Local\QuickPlay
[13/09/2007|15:07] C:\Users\Manu\AppData\Local\Steam
[04/09/2008|14:49] C:\Users\Manu\AppData\Local\Temp
[01/05/2007|10:47] C:\Users\Manu\AppData\Local\Temporary Internet Files
[06/05/2007|20:32] C:\Users\Manu\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[03/09/2008 10:55][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
[03/09/2008 23:51][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{C8E34DB8-239A-4EDE-8C89-7B88A33DC4CA}.job
[04/09/2008 11:15][--ah-----] C:\Windows\tasks\SA.DAT
[04/09/2008 11:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[03/04/2008|20:03] C:\ProgramData\Adobe
[22/08/2007|14:40] C:\ProgramData\Apple
[13/03/2008|22:58] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[24/11/2005|22:19] C:\ProgramData\Bureau
[30/06/2007|18:15] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[01/09/2007|11:09] C:\ProgramData\eMule
[24/11/2005|22:19] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[09/02/2008|18:02] C:\ProgramData\FLEXnet
[08/10/2007|14:44] C:\ProgramData\GlobalSCAPE
[01/05/2007|12:54] C:\ProgramData\Google
[13/06/2007|21:31] C:\ProgramData\GRETECH
[18/12/2006|23:58] C:\ProgramData\Hewlett-Packard
[01/05/2007|19:53] C:\ProgramData\HP
[18/12/2006|23:12] C:\ProgramData\InstallShield
[02/07/2008|18:06] C:\ProgramData\LauncherAccess.dt
[19/06/2008|17:58] C:\ProgramData\Lavasoft
[03/09/2008|20:29] C:\ProgramData\Malwarebytes
[24/11/2005|22:19] C:\ProgramData\Menu D‚marrer
[08/03/2008|17:59] C:\ProgramData\Microsoft
[31/08/2008|12:19] C:\ProgramData\Microsoft Help
[24/11/2005|22:19] C:\ProgramData\ModŠles
[07/05/2007|17:49] C:\ProgramData\NVIDIA
[18/12/2006|23:19] C:\ProgramData\Roxio
[20/08/2007|23:24] C:\ProgramData\Skype
[30/05/2007|20:54] C:\ProgramData\Sonic
[16/08/2008|10:13] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|15:02] C:\ProgramData\Start Menu
[01/05/2007|13:01] C:\ProgramData\Symantec
[30/09/2007|19:47] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[10/03/2008|19:32] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[27/05/2008|18:22] C:\Program Files\Abexo
[30/07/2008|16:51] C:\Program Files\Adobe
[05/07/2008|11:54] C:\Program Files\Apple Software Update
[30/07/2008|16:48] C:\Program Files\Avast4
[11/09/2007|13:51] C:\Program Files\AviSynth 2.5
[13/03/2008|22:56] C:\Program Files\Bonjour
[03/01/2008|21:12] C:\Program Files\Broadcom
[08/03/2008|10:33] C:\Program Files\CamStudio
[02/02/2008|14:35] C:\Program Files\Cisco Systems
[02/01/2008|13:33] C:\Program Files\common
[03/09/2008|16:30] C:\Program Files\Common Files
[18/12/2006|23:01] C:\Program Files\CONEXANT
[02/01/2008|13:33] C:\Program Files\ConvertXtoDVD
[13/07/2008|19:45] C:\Program Files\DivX
[01/09/2007|11:08] C:\Program Files\eMule
[11/09/2007|13:44] C:\Program Files\eRightSoft
[24/11/2005|22:19] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[25/01/2008|13:42] C:\Program Files\Flash Slideshow Maker Professional
[13/11/2007|16:57] C:\Program Files\FlashGet
[04/04/2008|18:11] C:\Program Files\FLV Player
[08/01/2008|20:50] C:\Program Files\Free Download Manager
[28/01/2008|19:14] C:\Program Files\Free Easy Burner
[15/05/2008|19:24] C:\Program Files\GomPlayer
[11/09/2007|11:20] C:\Program Files\Google
[18/12/2006|23:55] C:\Program Files\Hewlett-Packard
[03/09/2008|17:00] C:\Program Files\HijackThis
[18/12/2006|23:41] C:\Program Files\HP
[18/12/2006|23:48] C:\Program Files\HPQ
[12/11/2007|19:49] C:\Program Files\Image Resizer
[10/06/2008|18:49] C:\Program Files\InstallShield Installation Information
[14/08/2008|18:53] C:\Program Files\Internet Explorer
[05/07/2008|12:07] C:\Program Files\iPod
[05/07/2008|12:08] C:\Program Files\iTunes
[18/12/2006|23:58] C:\Program Files\Java
[13/04/2008|18:33] C:\Program Files\Jeux
[05/07/2008|12:01] C:\Program Files\logiciel
[21/05/2007|19:26] C:\Program Files\Macromedia
[03/09/2008|20:29] C:\Program Files\Malwarebytes' Anti-Malware
[12/05/2008|11:23] C:\Program Files\Matroska Playback Pack
[15/03/2008|09:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[10/06/2007|16:12] C:\Program Files\Microsoft Office
[10/06/2007|16:12] C:\Program Files\Microsoft Visual Studio
[10/06/2007|16:07] C:\Program Files\Microsoft Visual Studio 8
[14/08/2008|14:37] C:\Program Files\Microsoft Works
[10/06/2007|16:10] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[29/08/2008|17:51] C:\Program Files\Mozilla Firefox
[04/09/2008|12:32] C:\Program Files\Mozilla Firefox 3 Beta 4
[10/06/2007|16:13] C:\Program Files\MSBuild
[16/11/2007|16:57] C:\Program Files\MSECache
[02/11/2006|14:37] C:\Program Files\MSN
[18/06/2007|21:04] C:\Program Files\MSXML 4.0
[03/09/2008|15:34] C:\Program Files\Navilog1
[03/04/2008|18:46] C:\Program Files\Opera
[09/02/2008|15:50] C:\Program Files\PowerISO
[07/06/2008|18:17] C:\Program Files\Real
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[10/06/2008|18:49] C:\Program Files\Rockstar Games
[18/12/2006|23:23] C:\Program Files\Roxio
[28/12/2007|16:45] C:\Program Files\SAGEM
[01/05/2007|13:07] C:\Program Files\Samsung
[05/03/2008|21:03] C:\Program Files\Save Flash
[18/12/2006|23:46] C:\Program Files\Services en ligne
[20/08/2007|23:24] C:\Program Files\Skype
[01/05/2007|18:45] C:\Program Files\SLD CODEC PACK 1.5.3
[17/08/2008|11:06] C:\Program Files\Spybot - Search & Destroy
[04/09/2008|11:13] C:\Program Files\Steam
[14/10/2007|11:39] C:\Program Files\Subtitle Workshop
[18/12/2006|22:59] C:\Program Files\Synaptics
[29/12/2007|20:59] C:\Program Files\Total Training
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[03/09/2007|10:39] C:\Program Files\uTorrent
[13/04/2008|18:51] C:\Program Files\Valve
[10/02/2008|17:00] C:\Program Files\Video Recorder
[01/05/2007|19:49] C:\Program Files\VLC
[28/01/2008|19:19] C:\Program Files\vso
[30/08/2007|12:44] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[18/06/2007|22:30] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[10/03/2008|19:38] C:\Program Files\Windows Live
[14/08/2008|18:53] C:\Program Files\Windows Mail
[11/10/2007|23:22] C:\Program Files\Windows Media Player
[24/11/2005|22:19] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[10/01/2008|15:58] C:\Program Files\Windows Sidebar
[13/04/2008|18:28] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/04/2008|20:04] C:\Program Files\Common Files\Adobe
[13/03/2008|22:43] C:\Program Files\Common Files\Apple
[10/06/2007|16:12] C:\Program Files\Common Files\DESIGNER
[26/02/2008|18:48] C:\Program Files\Common Files\Deterministic Networks
[28/12/2007|16:30] C:\Program Files\Common Files\France Telecom
[10/02/2008|17:11] C:\Program Files\Common Files\InstallShield
[18/12/2006|23:58] C:\Program Files\Common Files\Java
[10/02/2008|17:13] C:\Program Files\Common Files\LanguageFile
[18/12/2006|23:48] C:\Program Files\Common Files\LightScribe
[21/05/2007|19:28] C:\Program Files\Common Files\Macromedia
[21/05/2007|19:29] C:\Program Files\Common Files\Macromedia Shared
[09/02/2008|17:23] C:\Program Files\Common Files\Macrovision Shared
[21/08/2008|22:19] C:\Program Files\Common Files\microsoft shared
[04/01/2008|15:39] C:\Program Files\Common Files\PX Storage Engine
[07/06/2008|18:17] C:\Program Files\Common Files\Real
[18/12/2006|23:19] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[18/12/2006|23:20] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[19/04/2008|15:37] C:\Program Files\Common Files\Steam
[18/12/2006|23:23] C:\Program Files\Common Files\SureThing Shared
[23/03/2008|12:03] C:\Program Files\Common Files\SWF Studio
[01/05/2007|13:02] C:\Program Files\Common Files\Symantec Shared
[06/10/2007|21:56] C:\Program Files\Common Files\Synacast
[18/06/2007|22:30] C:\Program Files\Common Files\System
[10/03/2008|19:34] C:\Program Files\Common Files\WindowsLiveInstaller
[07/06/2008|18:17] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 71 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@advertstream[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@d2.advertserve[1].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@adultfriendfinder[1].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@advertising[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@internationaljournalofadvertising[1].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@adin.bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@fr.bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@fr1.darkorbit.bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@fr1.seafight.bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@banner.cotedazurpalace[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@cotedazurpalace[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@adopt.euroclick[1].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@partypoker[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@fr1.seafight.bigpoint[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@2xmoinscher[2].txt
C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies\manu@www.2xmoinscher[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 14:50:42
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Manu\AppData\Roaming\uTorrent\Photoshop CS3 Extended Incl Keygen.torrent
C:\Users\Manu\Documents\Downloads\Photoshop CS3 Extended Incl Keygen
C:\Users\Manu\Documents\Downloads\After Effects CS3\AE Crack
C:\Users\Manu\Documents\Downloads\After Effects CS3\keygen
C:\Users\Manu\Documents\Downloads\After Effects CS3\AE Crack\AfterFX.dll
C:\Users\Manu\Documents\Downloads\After Effects CS3\AE Crack\MKDEV TEAM serial.NFO
C:\Users\Manu\Documents\Downloads\After Effects CS3\keygen\Adobe After Effects CS3 (ZWT).exe
C:\Users\Manu\Documents\Downloads\Photoshop CS3 Extended Incl Keygen\Adobe PhotoShop CS3.daa
C:\Users\Manu\Documents\Downloads\Premiere Pro CS3\crack
C:\Users\Manu\Documents\Downloads\Premiere Pro CS3\crack\asneu.dll
C:\Users\Manu\Documents\Downloads\Premiere Pro CS3\crack\Premiere.dll
C:\Users\Manu\Downloads\eMule\Incoming\Adobe Photoshop CS 9 + Keygen.iso


[F:17][D:4]-> C:\Users\Manu\AppData\Local\Temp
[F:1131][D:0]-> C:\Users\Manu\AppData\Roaming\MICROS~1\Windows\Cookies
[F:282][D:8]-> C:\Users\Manu\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 04/09/2008|14:53 - Option : [1]

--------------------\\ Fin du rapport a 14:53:35
[ UAC => 1 ]

Bonjour, désolé de cette réponse tardive. Voilà le premier rapport:


#################################
-----------Rapport OTMoveIt2------------------------------------
################################"

DllUnregisterServer procedure not found in C:\Windows\System32\Smab0.dll
C:\Windows\System32\Smab0.dll NOT unregistered.
C:\Windows\System32\Smab0.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_174649


#################################
-----------Rapport virus total------------------------------------
################################"
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.4.2 2008.09.04 -
AntiVir 7.8.1.28 2008.09.04 -
Authentium 5.1.0.4 2008.09.03 -
Avast 4.8.1195.0 2008.09.04 -
AVG 8.0.0.161 2008.09.04 -
BitDefender 7.2 2008.09.04 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.04 -
DrWeb 4.44.0.09170 2008.09.04 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6069 2008.09.04 -
Ewido 4.0 2008.09.04 -
F-Prot 4.4.4.56 2008.09.03 -
F-Secure 8.0.14332.0 2008.09.04 -
Fortinet 3.14.0.0 2008.09.03 -
GData 19 2008.09.04 -
Ikarus T3.1.1.34.0 2008.09.04 -
K7AntiVirus 7.10.441 2008.09.04 -
Kaspersky 7.0.0.125 2008.09.04 -
McAfee 5376 2008.09.03 -
Microsoft 1.3903 2008.09.04 -
NOD32v2 3415 2008.09.04 -
Norman 5.80.02 2008.09.04 -
Panda 9.0.0.4 2008.09.03 -
PCTools 4.4.2.0 2008.09.04 -
Prevx1 V2 2008.09.04 -
Rising 20.60.31.00 2008.09.04 -
Sophos 4.33.0 2008.09.04 -
Sunbelt 3.1.1582.1 2008.09.02 -
Symantec 10 2008.09.04 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.04 -
VBA32 3.12.8.5 2008.09.04 -
ViRobot 2008.9.4.1363 2008.09.04 -
VirusBuster 4.5.11.0 2008.09.04 -
Webwasher-Gateway 6.6.2 2008.09.04 -

Information additionnelle
File size: 926 bytes

MD5...: dd84d945fa3c1a3dd770d53b8462a047








PAr contre, je n'ai pas pu installer f secure backlink car au moment de l'installation, un message me disait que la période d'évaluation de cette version était expirée.