salut a tous petite infection en perspective, besoin d'un réel coup de

Depuis quelques temps mon ordinateur ne fonctionne plus correctement je crois qu'il est infecté mais je n'y connais pas grand chose.. Je vous poste mon rapport hijack, merci d'avance de votre aide qui me serait vraiment précieuse!!

Re,

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 4 puis valide.

Il va te demander de saisir le nom de fichier. Saisie ce qui est en gras ci-dessous et rien d'autre puis valide :
efotaqm
Retape le nom de fichier quand cela te sera demandé.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le manuellement)

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
Choisis l'onglet Contenu puis onglet Certificats.
Regarde si tu trouves les programmes suivant (en particulier dans Editeurs approuvés):

Montorgueil
VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/su [...] channel=35
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

alors,
ca yest jarrive a lancer navilog
je choisit le langue tt tres bien..
et la:

"erreur en entrée: impossible de trouver le fichier script cgetpaths.vbs"
Setpaths.bat n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de comandes.
impossible de trouver Csetpaths.bat

help!!!
je ny comprends rien!

et voici le rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10020 bytes

et pa de nouvelles de VIP ou montorgueil dans les certificats

re

voici le rapport malwarebytes:
besoin rapport hijack?

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 578

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 116295
Temps écoulé: 16 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

re..re..re..Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10020 bytes
bonne lecture et re merci

je crois ke j ai n tit peu "merdé" je sais pas ce ke ça va donner ...

en tout cas voila le rapport .... merci


ComboFix 08-04-01.2 - chrisama 2008-04-01 22:49:47.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1289 [GMT 2:00]
Endroit: C:\Users\chrisama\Desktop\ComboFix.exe
.
TimedOut: Windir.dat

((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
.

2008-04-01 20:48 . 2008-04-01 22:19 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-01 20:48 . 2008-04-01 22:19 <REP> d-------- C:\ProgramData\Google Updater
2008-04-01 20:35 . 2008-04-01 20:35 <REP> d-------- C:\Program Files\Picasa2
2008-04-01 20:35 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-04-01 20:35 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\ProgramData\Malwarebytes
2008-04-01 18:54 . 2008-04-01 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 01:21 . 2008-04-01 01:21 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-01 00:31 . 2008-04-01 20:09 <REP> d-------- C:\Program Files\Alwil Software
2008-04-01 00:31 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
2008-04-01 00:31 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-04-01 00:31 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-04-01 00:31 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-01 00:31 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-01 00:31 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-04-01 00:31 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-04-01 00:31 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-30 18:02 . 2008-03-30 18:17 <REP> d-------- C:\Program Files\Navilog1
2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\Users\All Users\Avira
2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\ProgramData\Avira
2008-03-30 15:29 . 2008-04-01 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\Users\All Users\pkhbvwkb
2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\ProgramData\pkhbvwkb
2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\Users\All Users\Apple Computer
2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\ProgramData\Apple Computer
2008-03-29 03:36 . 2008-03-29 03:37 <REP> d-------- C:\Program Files\QuickTime
2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Users\All Users\Apple
2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\ProgramData\Apple
2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-29 00:08 . 2008-03-29 00:08 319,456 --a------ C:\Windows\DIFxAPI.dll
2008-03-27 02:14 . 2008-03-27 02:14 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-03-27 02:12 . 2008-03-27 02:12 3,431 --a------ C:\Windows\mozver.dat
2008-03-26 17:02 . 2008-03-30 18:38 <REP> d-------- C:\Users\All Users\uimanjpk
2008-03-26 17:02 . 2008-03-30 18:38 <REP> d-------- C:\ProgramData\uimanjpk
2008-03-26 16:17 . 2008-03-26 16:17 945 --a------ C:\Windows\wininit.ini
2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-26 15:48 . 2008-03-26 15:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 15:34 . 2008-03-26 16:18 131,072 --a------ C:\Windows\SPInstall.etl
2008-03-26 14:51 . 2008-03-26 14:51 <REP> d-------- C:\Windows\WLTB Custom Button Feeds
2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\Users\All Users\lygllklm
2008-03-25 12:25 . 2008-03-30 16:47 <REP> d-------- C:\Users\All Users\bifiteha
2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\ProgramData\lygllklm
2008-03-25 12:25 . 2008-03-30 16:47 <REP> d-------- C:\ProgramData\bifiteha
2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\Users\All Users\TEMP
2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\ProgramData\TEMP
2008-03-25 01:40 . 2008-03-25 01:40 <REP> d-------- C:\Users\All Users\Mozilla
2008-03-20 21:03 . 2008-03-20 21:03 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-19 18:52 . 2008-03-29 00:25 <REP> d-------- C:\PerfLogs
2008-03-19 18:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-03-19 18:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-03-19 18:25 . 2008-01-19 09:44 986,680 --a------ C:\Windows\System32\winload.exe
2008-03-19 18:23 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-19 18:22 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-19 18:21 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-19 18:21 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-19 18:21 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-19 18:21 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-19 18:21 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-19 18:21 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-19 18:21 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-19 18:21 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-19 18:21 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-03-11 21:05 . 2008-03-11 21:06 <REP> d-------- C:\Program Files\Java
2008-03-11 21:05 . 2008-03-11 21:05 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-11 01:51 . 2008-03-06 22:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-11 01:51 . 2008-03-06 22:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-11 01:51 . 2008-03-06 22:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-08 22:35 . 2008-03-26 09:02 <REP> d-------- C:\Users\All Users\Google
2008-03-08 22:34 . 2008-03-08 22:34 <REP> d-------- C:\Program Files\Real
2008-03-08 22:34 . 2008-04-01 20:50 <REP> d-------- C:\Program Files\Google
2008-03-08 22:34 . 2008-03-27 02:13 <REP> d-------- C:\Program Files\Common Files\Real
2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\Users\All Users\Downloaded Installations
2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\ProgramData\Downloaded Installations
2008-03-06 22:56 . 2008-03-06 22:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-06 10:35 . 2008-03-06 10:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-03-05 18:53 . 2008-03-24 12:43 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-03-05 18:52 . 2006-11-29 14:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-03-05 18:51 . 2008-03-20 21:03 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-05 18:39 . 2008-03-20 20:57 <REP> d-------- C:\Users\All Users\WLInstaller
2008-03-05 18:39 . 2008-03-20 20:57 <REP> d-------- C:\ProgramData\WLInstaller
2008-03-05 18:39 . 2008-03-24 12:43 <REP> d-------- C:\Program Files\Windows Live
2008-03-05 18:39 . 2008-03-18 15:12 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Users\All Users\fsc-reg
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\ProgramData\fsc-reg
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Program Files\MB application
2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-03-04 19:48 . 2008-03-08 22:49 <REP> dr------- C:\Users\chrisama\Videos
2008-03-04 19:48 . 2008-03-04 19:48 <REP> dr------- C:\Users\chrisama\Searches
2008-03-04 19:48 . 2008-03-04 19:56 <REP> dr------- C:\Users\chrisama\Saved Games
2008-03-04 19:48 . 2008-04-01 20:13 <REP> dr------- C:\Users\chrisama\Pictures
2008-03-04 19:48 . 2008-03-24 23:02 <REP> dr------- C:\Users\chrisama\Music
2008-03-04 19:48 . 2008-03-04 19:48 <REP> dr------- C:\Users\chrisama\Links
2008-03-04 19:48 . 2008-04-01 20:15 <REP> dr------- C:\Users\chrisama\Downloads
2008-03-04 19:48 . 2008-04-01 21:12 <REP> dr------- C:\Users\chrisama\Documents
2008-03-04 19:48 . 2008-03-20 17:22 <REP> dr------- C:\Users\chrisama\Contacts
2008-03-04 19:48 . 2008-03-04 19:48 <REP> d--h----- C:\Users\chrisama\AppData

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 15:11 --------- d-----w C:\ProgramData\Symantec
2008-03-30 15:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 17:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Mail
2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 16:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 16:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-12 14:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Modèles
2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Favoris
2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Bureau
2008-03-04 17:44 --------- d-sh--w C:\Program Files\Fichiers communs
2008-02-23 02:38 43,872 ------w C:\Windows\system32\drivers\pxhelp20.sys
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
2008-01-05 11:21 12,198 ----a-w C:\Windows\System32\gatherWiredInfo.vbs
2008-01-05 11:21 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-01-05 11:21 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-01_22.39.49.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-01 19:46:35 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-01 20:42:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-01 19:54:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-01 20:44:04 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-01 17:40:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-01 20:43:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-01 20:43:32 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-01 20:36:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-01 20:49:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-01 17:40:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-01 20:43:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-01 20:43:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-01 20:19:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-01 20:45:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-01 20:19:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-01 20:45:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-01 20:19:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-01 20:45:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-01 19:49:55 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-01 20:47:03 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-01 19:49:55 123,556 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-01 20:47:03 123,556 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-01 19:49:55 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-01 20:47:03 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-01 19:49:55 669,578 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-01 20:47:03 669,578 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-01 17:41:20 9,742 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
+ 2008-04-01 20:44:22 9,766 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
- 2008-04-01 17:41:20 73,274 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-01 20:44:22 73,440 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-01 17:41:18 44,116 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-01 20:44:21 44,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MBPlayer"="C:\Program Files\MB application\MBPlayer.exe" [2006-12-19 16:32 48640]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Je07uun31y"="C:\ProgramData\bifiteha\zyxefovs.exe" [ ]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 09:33 192000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"uimanjpk"="C:\ProgramData\uimanjpk\kruxolcp.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
"OSD"="C:\Program Files\C&E\OSD\osd.exe" [2007-07-10 18:29 557056]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"recinfo227"="c:\RecInfo\RecInfo.exe" [2007-09-14 14:53 2768896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 02:13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 20:48:29 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EDC0976-A8DD-4A27-AB90-94576D26EAAA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9C2233C-5E57-419B-8145-F15E94C0DA81}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{60289FB4-1AE7-4C8D-AA51-9C0DE1C1DFAE}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{5BCEDDEC-846A-4613-B413-7CC3A67D6B79}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{724A0F51-6057-4659-8DDB-34538D52EF53}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F08475B1-D207-4305-971A-341924B0C42F}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C416B0BF-E128-4467-AD72-E2624A913971}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{24266AB6-E61F-495D-85BD-D1EB7666D9F2}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DE8072D9-5CA3-468C-A377-A486C8993257}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D07BFF1A-E31C-4DCE-9FAF-02021A353F87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E8F61A44-4316-4F58-8F23-8874FF472390}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9344DBD9-264D-4DB2-9B46-B4B66A8EBE0F}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{78E394E4-ECDC-4DE0-9ED8-F9A06957A1AA}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C41C101-C5CB-4BFB-BDB0-701CEC9A6A63}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB1AFE60-C43C-4CA5-83F5-2895BA6BC4BF}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{988CA820-A521-43E1-ABB7-EBA6D1F32AED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BFB507FC-A936-4215-BB78-93379176CC55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{68FB2283-B44B-41FF-A018-B56ECCEBACAF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2B286345-8171-49BE-831A-A20EDB41689A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C1CDB8B1-19AE-4C48-A5B9-CCC09AD8B792}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{87435F6C-E5AF-439C-8896-F46A5954BE52}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 19:29]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 17:28:27 C:\Windows\Tasks\User_Feed_Synchronization-{FEBC6F36-1544-48B2-A6AD-1719527A11DC}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-03-20 19:03:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:52:52
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-01 22:53:44
ComboFix-quarantined-files.txt 2008-04-01 20:53:40
ComboFix2.txt 2008-04-01 20:40:10
Pre-Run: 115,626,831,872 octets libres
Post-Run: 115,596,390,400 octets libres
.
2008-03-28 09:35:59 --- E O F ---

Re,

Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

et voici le rapport hijack


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10020 bytes

re... je croyais avoir tout bien fait ! c est quoi que j ai loupé stp

merci