
Problem with pc-antispyware (infection)


Thank you for answering and helping me!! I am desperate!!

Here is the report!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:12, on 03/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\fqpmwmls\mvkpopox.exe
C:\ProgramData\ynavkzqd\wjkvgjad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [fqpmwmls] C:\ProgramData\fqpmwmls\mvkpopox.exe
O4 - HKCU\..\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [mhhxwhmh] C:\ProgramData\mhhxwhmh\jqncrupq.exe
O4 - HKCU\..\Run: [llcvotdk] C:\ProgramData\llcvotdk\hupyvive.exe
O4 - HKCU\..\Run: [uacxeeqi] C:\ProgramData\uacxeeqi\ropotuji.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11668 bytes

Here you go!

SmitFraudFix v2.309

Scan done at 17:30:42,60, 03/04/2008
Run from C:\Users\Rémy et céline\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\fqpmwmls\mvkpopox.exe
C:\ProgramData\ynavkzqd\wjkvgjad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Rémy et céline


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Rémy et céline\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\RMYETC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B050833-4CBF-4D9B-AC36-5062E08AF7B0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B050833-4CBF-4D9B-AC36-5062E08AF7B0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B050833-4CBF-4D9B-AC36-5062E08AF7B0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B050833-4CBF-4D9B-AC36-5062E08AF7B0}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hi again,

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ...
and confirm with OK; you will be asked to restart, do so)


1) Relaunch HijackThis, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis:

O4 - HKCU\..\Run: [fqpmwmls] C:\ProgramData\fqpmwmls\mvkpopox.exe
O4 - HKCU\..\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
O4 - HKCU\..\Run: [mhhxwhmh] C:\ProgramData\mhhxwhmh\jqncrupq.exe
O4 - HKCU\..\Run: [llcvotdk] C:\ProgramData\llcvotdk\hupyvive.exe
O4 - HKCU\..\Run: [uacxeeqi] C:\ProgramData\uacxeeqi\ropotuji.exe


2) Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator).
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):

    C:\ProgramData\fqpmwmls\mvkpopox.exe
    C:\ProgramData\ynavkzqd\wjkvgjad.exe
    C:\ProgramData\mhhxwhmh\jqncrupq.exe
    C:\ProgramData\llcvotdk\hupyvive.exe
    C:\ProgramData\uacxeeqi\ropotuji.exe

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.

    ;) 

Here is the result!!

    C:\ProgramData\fqpmwmls\mvkpopox.exe moved successfully.
    C:\ProgramData\ynavkzqd\wjkvgjad.exe moved successfully.
    File/Folder C:\ProgramData\mhhxwhmh\jqncrupq.exe not found.
    C:\ProgramData\llcvotdk\hupyvive.exe moved successfully.
    File/Folder C:\ProgramData\uacxeeqi\ropotuji.exe not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_092624

Here it is again!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:47:11, on 04/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\ProgramData\syulnuii\qdolwvax.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [syulnuii] C:\ProgramData\syulnuii\qdolwvax.exe
    O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11411 bytes

    Re,

    Disable UAC ( Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ...
    and confirm with OK; you will be asked to restart, do so )


    Disable all resident protection ( antivirus…) !
    Disconnect from the internet, close all running programs and let combofix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it on your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
    Wait until combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    ;) 

    Re, I'm freaking out, I really don't know what I'm doing!! Here is the report:


    ComboFix 08-04-03.3 - Rémy et céline 2008-04-04 10:24:19.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1630 [GMT 2:00]
    Endroit: C:\Users\Rémy et céline\Desktop\ComboFix.exe
    .
    TimedOut: Windir.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-04 08:21 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-04 08:21 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-04 08:03 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\uTorrent
    2008-04-04 07:26 --------- d-----w C:\ProgramData\ynavkzqd
    2008-04-04 07:26 --------- d-----w C:\ProgramData\llcvotdk
    2008-04-04 07:26 --------- d-----w C:\ProgramData\fqpmwmls
    2008-04-04 07:14 28,190 ----a-w C:\Users\Rémy et céline\AppData\Roaming\nvModes.dat
    2008-04-03 20:19 --------- d-----w C:\ProgramData\uacxeeqi
    2008-04-03 20:19 --------- d-----w C:\ProgramData\mhhxwhmh
    2008-04-03 19:53 --------- d-----w C:\ProgramData\syulnuii
    2008-04-03 15:30 6,776 ----a-w C:\Windows\System32\tmp.reg
    2008-04-03 14:16 --------- d-----w C:\ProgramData\Google Updater
    2008-04-01 20:24 691 ----a-w C:\Users\Rémy et céline\AppData\Roaming\GetValue.vbs
    2008-04-01 20:24 35 ----a-w C:\Users\Rémy et céline\AppData\Roaming\SetValue.bat
    2008-04-01 13:46 --------- d-----w C:\Program Files\PC-Antispyware
    2008-04-01 13:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 21:10 --------- d-----w C:\Program Files\HP
    2008-03-31 13:33 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Skype
    2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-26 15:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Hamachi
    2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-25 17:12 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Grisoft
    2008-03-25 17:11 --------- d-----w C:\ProgramData\Grisoft
    2008-03-25 11:33 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Image Zone Express
    2008-03-25 08:56 --------- d-----w C:\ProgramData\Symantec
    2008-03-20 16:25 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Adobe
    2008-03-18 17:12 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-03-18 17:12 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-03-15 14:55 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-03-15 09:14 --------- d-----w C:\Program Files\Java
    2008-03-13 07:45 --------- d-----w C:\Program Files\Windows Mail
    2008-03-12 21:55 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-11 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-09 13:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-09 13:40 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 10:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 10:38 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-08 10:31 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-02-28 14:12 --------- d-----w C:\Program Files\Google
    2008-02-25 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:03 --------- d-----w C:\Program Files\Live_TV
    2008-02-25 15:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-25 15:00 --------- d-----w C:\Program Files\AVS4YOU
    2008-02-18 18:02 --------- d-----w C:\ProgramData\AVS4YOU
    2008-02-16 16:02 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\AVS4YOU
    2008-02-15 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-02-14 13:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 13:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 13:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 13:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 13:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 13:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 13:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 13:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 13:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 13:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 13:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 13:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 13:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 13:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 13:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 13:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 13:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 13:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 13:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 13:10 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 13:10 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 13:10 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 13:10 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 10:29 476 ----a-w C:\Users\Rémy et céline\AppData\Roaming\wklnhst.dat
    2008-02-11 21:31 --------- d-s---w C:\Users\Rémy et céline\AppData\Roaming\Microsoft
    2008-02-11 21:14 --------- d-----w C:\Program Files\MSBuild
    2008-02-11 21:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-11 21:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-11 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-11 09:16 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Mozilla
    2008-02-04 09:51 --------- d-----w C:\Program Files\iPod
    2008-02-04 09:50 --------- d-----w C:\Program Files\QuickTime
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-17 14:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-17 14:56 22,328 ----a-w C:\Users\Rémy et céline\AppData\Roaming\PnkBstrK.sys
    2008-01-17 13:48 338,432 ----a-w C:\Windows\System32\Mss32.dll
    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-09 09:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-01-04 21:58 129,784 ------w C:\Windows\System32\PxAFS.DLL
    2007-08-22 19:48 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 15:50 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "syulnuii"="C:\ProgramData\syulnuii\qdolwvax.exe" [2008-04-03 21:53 106496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 16:33 1006264]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 12:15 185632]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "!AVG Anti-Spyware"="C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
    "GrpConv"="grpconv -o" []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-28 15:50:23 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

    [HKLM\~\startupfolder\C:^Users^Rémy et céline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TribalWeb.lnk]
    path=C:\Users\Rémy et céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TribalWeb.lnk
    backup=C:\Windows\pss\TribalWeb.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Users\Rémy et céline\logiciel\i tunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-07-14 00:41 20034600 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{EC63352B-EC81-4550-8BAC-B3C5A0765FA3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6457D4F1-1783-46B4-8921-1C3B1138AD05}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{88D42F14-15AC-4734-9D60-52FAC8690088}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{FA7CE72A-F078-47F7-B215-B572729B6348}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{B1C2DF77-D1C1-4B1C-838B-4B68FF45FFD6}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C58B9D79-84CB-4C17-AA49-08228E17DFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{8A9B1B2E-4F60-49C5-A832-70A01B9A5331}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BF3FD0F4-1C9F-451A-A0E5-09AE9AF50746}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{15684BB4-2D8F-4E12-A0CA-DB475CBAF55A}"= UDP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DA8C0A0-A62A-4524-B510-BDD2BA8734D9}"= TCP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0450709F-86D9-4997-BC42-9CE5171F8DC6}"= UDP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{94B40334-3E60-4C08-A501-933218A2FA48}"= TCP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{BF9D39EB-F975-4F47-BE6D-9A424C890CA1}"= UDP:3728:tribalweb
    "{D2B70217-1679-4A80-B59F-8A3DC3DA52FD}"= UDP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{029F98AB-EC5E-4088-9E97-BC6E74E2A10F}"= TCP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{6776598A-B891-4258-BA2D-2F0AE58D2F50}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{C585A93A-155B-43DB-9210-173A751AEAF8}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{BE70DD4A-B119-4FF7-9BF9-50CE55B20807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 18:18]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\Windows\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\Windows\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
    S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - ECACHE
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-03 18:46:54 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Rémy et céline.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-03 19:46:28 C:\Windows\Tasks\User_Feed_Synchronization-{0564B497-BD14-40DB-9C20-DD0A848AC6DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 10:28:50
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-04 10:29:18
    ComboFix-quarantined-files.txt 2008-04-04 08:29:16
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-04-04 06:59:54 --- E O F ---

    Re,

    Don't worry, I know what I'm doing ;)  If you have doubts, take a look at my work on this forum ;) 

    1) Go to this link: Virus Total
  • Click Browse
  • Navigate to this file if you can find it:

    C:\Windows\System32\ieUnatt.exe

  • Click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important to send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    2) Take a screenshot of the contents of the following folder:

    C:\ProgramData\fqpmwmls

    Screenshot tutorial: http://adub115.free.fr/Tutos/TutoCapture.pdf

    ;) 

    Here it is


    Fichier ieUnatt.exe reçu le 2008.04.04 12:46:35 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.4.1 2008.04.04 -
    AntiVir 7.6.0.80 2008.04.04 -
    Authentium 4.93.8 2008.04.03 -
    Avast 4.7.1098.0 2008.04.04 -
    AVG 7.5.0.516 2008.04.04 -
    BitDefender 7.2 2008.04.04 -
    CAT-QuickHeal 9.50 2008.04.04 -
    ClamAV 0.92.1 2008.04.04 -
    DrWeb 4.44.0.09170 2008.04.04 -
    eSafe 7.0.15.0 2008.04.01 -
    eTrust-Vet 31.3.5670 2008.04.04 -
    Ewido 4.0 2008.04.03 -
    F-Prot 4.4.2.54 2008.04.03 -
    F-Secure 6.70.13260.0 2008.04.04 -
    FileAdvisor 1 2008.04.04 -
    Fortinet 3.14.0.0 2008.04.04 -
    Ikarus T3.1.1.20.0 2008.04.04 -
    Kaspersky 7.0.0.125 2008.04.04 -
    McAfee 5266 2008.04.03 -
    Microsoft 1.3408 2008.04.03 -
    NOD32v2 3002 2008.04.04 -
    Norman 5.80.02 2008.04.03 -
    Panda 9.0.0.4 2008.04.04 -
    Prevx1 V2 2008.04.04 -
    Rising 20.38.60.00 2008.04.03 -
    Sophos 4.28.0 2008.04.04 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.04.04 -
    TheHacker 6.2.92.264 2008.04.04 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.04.03 -
    Webwasher-Gateway 6.6.2 2008.04.04 -

    Information additionnelle
    File size: 26624 bytes
    MD5...: 95b16fb2464b28015fd3063b4fdf0caa
    SHA1..: d540042230f88a83cb772c734bc118c7b06bd331
    SHA256: 2fb196c20ac6c22350843b81f12e6e70e3b575b443128987510a48f3c04bf908
    SHA512: 7727dc970befe919214894e5a67d1b2585d14a2a1026dda7017c3b888123d1b61c194549a810b010f9067fba5eeb157e186843e986b70b56636048186a82f037
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x10055cc
    timedatestamp.....: 0x47575b89 (Thu Dec 06 02:16:41 2007)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x51c4 0x5200 5.82 f777bb25db74d60d77e378fa9fcf8d6e
    .data 0x7000 0x9d4 0x600 2.62 b73d6349b1aeff8adf00deb95c7b5e29
    .rsrc 0x8000 0x508 0x600 2.94 79022a3b99784ac68106b0862edb21b2
    .reloc 0x9000 0x5b2 0x600 5.99 2c74b3c4eec5491ccd7544a9079f6764

    ( 8 imports )
    > ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyW, RegDeleteKeyW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW
    > KERNEL32.dll: GetLastError, ExitProcess, LocalFree, GetCommandLineW, WritePrivateProfileStringW, lstrcmpiW, lstrlenW, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange, UnhandledExceptionFilter
    > msvcrt.dll: _except_handler4_common, _terminate@@YAXXZ, __set_app_type, _controlfp, __p__commode, _amsg_exit, _adjust_fdiv, __setusermatherr, _vsnwprintf, __3@YAXPAX@Z, _initterm, __p__fmode, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _itow_s, wcsncmp, memset, __2@YAPAXI@Z
    > USER32.dll: LoadStringW
    > SHLWAPI.dll: -, StrCmpW, StrChrW, -, -, PathAppendW
    > SHELL32.dll: CommandLineToArgvW, SHGetFolderPathW, -
    > ole32.dll: CoCreateGuid
    > WDSCORE.dll: CurrentIP, WdsSetupLogInit, WdsSetupLogMessageW, ConstructPartialMsgVW, WdsSetupLogDestroy

    ( 0 exports )
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=9...


    Re,

    OK.

    Disable all resident protection ( antivirus…) !

    Copy the text in the box below, without the word Quote:

    Quote:
    Folder::
    C:\ProgramData\ynavkzqd
    C:\ProgramData\llcvotdk
    C:\ProgramData\fqpmwmls
    C:\ProgramData\uacxeeqi
    C:\ProgramData\mhhxwhmh
    C:\ProgramData\syulnuii
    C:\Program Files\PC-Antispyware

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syulnuii"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.

    ;) 
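
The script in the post above targets random-named ProgramData folders and Run values that are visible in the ComboFix report. As an added example (not part of the thread, and not ComboFix's or the helper's own logic), the Python code below reads the report's registry section and flags those autorun entries together with values that show a protection switched off; the eight-lowercase-letter name pattern and the list of protection values are assumptions drawn from this one report.

```python
import re

# Excerpt of the "Point de chargement Reg" section of the ComboFix report
# posted in this thread (benign Run entries trimmed to one for contrast).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
"syulnuii"="C:\ProgramData\syulnuii\qdolwvax.exe" [2008-04-03 21:53 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Assumption (heuristic, not ComboFix logic): an executable whose folder and
# file name are each eight lowercase letters, directly under C:\ProgramData.
RANDOM_DROP_RE = re.compile(
    r'^(?i:C:\\ProgramData)\\(?P<folder>[a-z]{8})\\[a-z]{8}(?i:\.exe)$')

# Value names that report a protection as switched off, with the number that
# means "off". The report shows state only, not who changed it: in this
# thread UAC (EnableLUA) was disabled on the helper's instruction.
PROTECTION_OFF = {
    'enablelua': 0,
    'enablefirewall': 0,
    'disablemonitoring': 1,
    'disablenotifications': 1,
}


def parse_number(data):
    """Return the integer from 'dword:00000001' or '0 (0x0)' style data."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+) \(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def parse_target(data):
    """Return the path from quoted data with trailing metadata, or bare data."""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else None
    return data.split(' [', 1)[0].strip() or None


def triage(report_text):
    """Return (kind, key, value_name, detail) tuples for entries to review."""
    findings = []
    key = None
    for raw in report_text.splitlines():
        line = raw.strip()          # report lines may be indented when pasted
        section = SECTION_RE.match(line)
        if section:
            key = section.group('key')
            continue
        value = VALUE_RE.match(line)
        if not value or key is None:
            continue
        name, data = value.group('name'), value.group('data').strip()
        if key.lower().endswith(('\\run', '\\runonce')):
            target = parse_target(data)
            if target and RANDOM_DROP_RE.match(target):
                findings.append(('autorun', key, name, target))
            continue
        number = parse_number(data)
        lname = name.lower()
        expected = PROTECTION_OFF.get(lname)
        if expected is None and lname.endswith('disablenotify'):
            expected = 1            # e.g. UacDisableNotify in Security Center
        if number is not None and number == expected:
            findings.append(('protection_off', key, name, number))
    return findings


def flagged_folders(findings):
    """Folders holding the flagged autorun targets, in first-seen order."""
    folders = []
    for kind, _key, _name, detail in findings:
        if kind == 'autorun':
            folder = detail.rsplit('\\', 1)[0]
            if folder not in folders:
                folders.append(folder)
    return folders


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

Only two of the six random-named folders in the script above appear as autorun targets in the report; the other four show up only in the Find3M file listing, which this check does not read.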

    Hi, I didn't have to restart. Here are the reports:

    combo:

    ComboFix 08-04-03.3 - Rémy et céline 2008-04-05 9:37:51.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1143 [GMT 2:00]
    Endroit: C:\Users\Rémy et céline\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Rémy et céline\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-05 07:41 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-05 07:41 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-04 21:20 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\uTorrent
    2008-04-04 15:16 --------- d-----w C:\ProgramData\Google Updater
    2008-04-04 07:26 --------- d-----w C:\ProgramData\ynavkzqd
    2008-04-04 07:26 --------- d-----w C:\ProgramData\llcvotdk
    2008-04-04 07:26 --------- d-----w C:\ProgramData\fqpmwmls
    2008-04-04 07:14 28,190 ----a-w C:\Users\Rémy et céline\AppData\Roaming\nvModes.dat
    2008-04-03 20:19 --------- d-----w C:\ProgramData\uacxeeqi
    2008-04-03 20:19 --------- d-----w C:\ProgramData\mhhxwhmh
    2008-04-03 19:53 --------- d-----w C:\ProgramData\syulnuii
    2008-04-03 15:30 6,776 ----a-w C:\Windows\System32\tmp.reg
    2008-04-01 20:24 691 ----a-w C:\Users\Rémy et céline\AppData\Roaming\GetValue.vbs
    2008-04-01 20:24 35 ----a-w C:\Users\Rémy et céline\AppData\Roaming\SetValue.bat
    2008-04-01 13:46 --------- d-----w C:\Program Files\PC-Antispyware
    2008-04-01 13:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 21:10 --------- d-----w C:\Program Files\HP
    2008-03-31 13:33 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Skype
    2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-26 15:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Hamachi
    2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-25 17:12 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Grisoft
    2008-03-25 17:11 --------- d-----w C:\ProgramData\Grisoft
    2008-03-25 11:33 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Image Zone Express
    2008-03-25 08:56 --------- d-----w C:\ProgramData\Symantec
    2008-03-20 16:25 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Adobe
    2008-03-18 17:12 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-03-18 17:12 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-03-15 14:55 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-03-15 09:14 --------- d-----w C:\Program Files\Java
    2008-03-13 07:45 --------- d-----w C:\Program Files\Windows Mail
    2008-03-12 21:55 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-11 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-09 13:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-09 13:40 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 10:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 10:38 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-08 10:31 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-02-28 14:12 --------- d-----w C:\Program Files\Google
    2008-02-25 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:03 --------- d-----w C:\Program Files\Live_TV
    2008-02-25 15:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-25 15:00 --------- d-----w C:\Program Files\AVS4YOU
    2008-02-18 18:02 --------- d-----w C:\ProgramData\AVS4YOU
    2008-02-16 16:02 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\AVS4YOU
    2008-02-15 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-02-14 13:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 13:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 13:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 13:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 13:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 13:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 13:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 13:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 13:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 13:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 13:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 13:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 13:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 13:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 13:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 13:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 13:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 13:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 13:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 13:10 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 13:10 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 13:10 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 13:10 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 10:29 476 ----a-w C:\Users\Rémy et céline\AppData\Roaming\wklnhst.dat
    2008-02-11 21:31 --------- d-s---w C:\Users\Rémy et céline\AppData\Roaming\Microsoft
    2008-02-11 21:14 --------- d-----w C:\Program Files\MSBuild
    2008-02-11 21:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-11 21:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-11 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-11 09:16 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Mozilla
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-17 14:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-17 14:56 22,328 ----a-w C:\Users\Rémy et céline\AppData\Roaming\PnkBstrK.sys
    2008-01-17 13:48 338,432 ----a-w C:\Windows\System32\Mss32.dll
    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-09 09:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-08-29 14:40 174 --sha-w C:\Program Files\desktop.ini
    2007-08-22 19:48 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-04_10.29.10,53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-04 08:22:38 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-05 07:24:42 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-04-04 08:20:24 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-05 07:40:42 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-04 08:21:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-05 07:28:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-05 07:28:38 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-04 08:20:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-05 07:37:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-04 08:21:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-05 07:28:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-05 07:28:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-04-04 08:20:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-05 07:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-04 08:20:22 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-05 07:40:39 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-04 08:20:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-05 07:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-04 07:45:53 104,566 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-05 07:30:33 104,566 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-04 07:45:53 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-05 07:30:33 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-04 07:45:53 610,784 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-05 07:30:33 610,784 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-04 07:45:53 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-05 07:30:33 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-04 07:41:08 10,286 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    + 2008-04-05 07:28:55 10,516 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    - 2008-04-04 08:19:53 82,688 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-05 07:28:53 83,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-04-04 08:19:51 49,384 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-05 07:28:52 49,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 15:50 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "syulnuii"="C:\ProgramData\syulnuii\qdolwvax.exe" [2008-04-03 21:53 106496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 16:33 1006264]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 12:15 185632]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "!AVG Anti-Spyware"="C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-28 15:50:23 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

    [HKLM\~\startupfolder\C:^Users^Rémy et céline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TribalWeb.lnk]
    path=C:\Users\Rémy et céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TribalWeb.lnk
    backup=C:\Windows\pss\TribalWeb.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Users\Rémy et céline\logiciel\i tunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-07-14 00:41 20034600 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{EC63352B-EC81-4550-8BAC-B3C5A0765FA3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6457D4F1-1783-46B4-8921-1C3B1138AD05}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{88D42F14-15AC-4734-9D60-52FAC8690088}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{FA7CE72A-F078-47F7-B215-B572729B6348}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{B1C2DF77-D1C1-4B1C-838B-4B68FF45FFD6}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C58B9D79-84CB-4C17-AA49-08228E17DFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{8A9B1B2E-4F60-49C5-A832-70A01B9A5331}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BF3FD0F4-1C9F-451A-A0E5-09AE9AF50746}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{15684BB4-2D8F-4E12-A0CA-DB475CBAF55A}"= UDP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DA8C0A0-A62A-4524-B510-BDD2BA8734D9}"= TCP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0450709F-86D9-4997-BC42-9CE5171F8DC6}"= UDP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{94B40334-3E60-4C08-A501-933218A2FA48}"= TCP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{BF9D39EB-F975-4F47-BE6D-9A424C890CA1}"= UDP:3728:tribalweb
    "{D2B70217-1679-4A80-B59F-8A3DC3DA52FD}"= UDP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{029F98AB-EC5E-4088-9E97-BC6E74E2A10F}"= TCP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{6776598A-B891-4258-BA2D-2F0AE58D2F50}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{C585A93A-155B-43DB-9210-173A751AEAF8}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{BE70DD4A-B119-4FF7-9BF9-50CE55B20807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 18:18]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\Windows\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\Windows\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-04 19:33:57 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Rémy et céline.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-04 20:21:22 C:\Windows\Tasks\User_Feed_Synchronization-{0564B497-BD14-40DB-9C20-DD0A848AC6DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-05 09:41:22
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-05 9:42:20
    ComboFix-quarantined-files.txt 2008-04-05 07:42:16
    ComboFix2.txt 2008-04-04 08:29:19
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-04-04 06:59:54 --- E O F ---



    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:39, on 05/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\ProgramData\syulnuii\qdolwvax.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [syulnuii] C:\ProgramData\syulnuii\qdolwvax.exe
    O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11628 bytes


    I'll be back Monday afternoon around 3:30 pm. Bye, and thanks again for helping me!!

    Hi again,

    The procedure didn't work :)  Follow these instructions carefully:

    1) Download ToolsCleaner to your desktop.

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you like, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
  • Tutorial here:

    2) Download Combofix again and save it to the root of your hard drive, that is, here: C:\Combofix.exe >>> This is very important!!!

    3) Copy the text in the box below, without the word Quote:
    Quote:
    Folder::
    C:\ProgramData\ynavkzqd
    C:\ProgramData\llcvotdk
    C:\ProgramData\fqpmwmls
    C:\ProgramData\uacxeeqi
    C:\ProgramData\mhhxwhmh
    C:\ProgramData\syulnuii
    C:\Program Files\PC-Antispyware

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syulnuii"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt at the root of your hard drive, i.e. as C:\CFScript.txt >>> This is very important too!!!

    4) Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:

    This will restart Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    ;) 
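The Run values and folders named in the script above can be traced back to the O4 (autorun) lines of a HijackThis log. The following Python is an added example, not part of the original post and not code from HijackThis or ComboFix; the function names, the two triage heuristics and the default values used for `%ProgramFiles%` and `%WINDIR%` are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the HijackThis log posted in this thread (most lines omitted).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ProgramData\syulnuii\qdolwvax.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [syulnuii] C:\ProgramData\syulnuii\qdolwvax.exe
O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O4 - HKxx\..\<key>: [value name] command line"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O4 - [Global ]Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First token that ends in an executable extension (paths may contain spaces).
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
# Assumed default locations; a real system may differ.
ENV = {"%programfiles%": r"C:\Program Files", "%windir%": r"C:\Windows",
       "%systemroot%": r"C:\Windows"}
# Directories a program can write to without installing itself (heuristic).
DATA_DIRS = ("programdata", "appdata", "application data", "temp")


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, inside = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break
        elif inside:
            procs.add(line.lower())
    return procs


def target_path(cmd):
    """Extract the file an autorun command line actually loads."""
    cmd = re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path, rest = (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], "")
    else:
        m = EXE_RE.match(cmd)
        if not m:
            return None
        path, rest = m.group(1), cmd[m.end():]
    # rundll32 is only a host: the code that runs is the DLL named in its arguments.
    if PureWindowsPath(path).name.lower() == "rundll32.exe" and rest.strip():
        return target_path(rest) or path
    return path


def autoruns(log):
    """Yield (location, value name, command line) for every O4 entry."""
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            yield m["hive"] + "\\..\\" + m["key"], m["name"], m["cmd"]
            continue
        m = STARTUP_RE.match(line)
        if m:
            yield m["key"], m["name"], m["cmd"]


def triage(log):
    """Return the O4 entries worth a manual look, with the reason for each."""
    running = running_processes(log)
    findings = []
    for location, name, cmd in autoruns(log):
        path = target_path(cmd)
        if path is None:
            continue
        p = PureWindowsPath(path)
        reasons = []
        if location.lower().endswith(r"policies\explorer\run"):
            reasons.append("policies-explorer-run")
        if any(part.lower() in DATA_DIRS for part in p.parts[:-1]):
            reasons.append("runs-from-data-dir")
        if reasons:
            findings.append({"location": location, "name": name, "path": path,
                             "folder": str(p.parent), "reasons": reasons,
                             "running": path.lower() in running})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["location"], f["name"], f["folder"], f["reasons"], "running:", f["running"])
```

A hit is a prompt to inspect the file, not a verdict: legitimate updaters also start from ProgramData or AppData, so each flagged entry still needs a human check before anything is deleted.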

    here is the report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02:15, on 08/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\ProgramData\syulnuii\qdolwvax.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe
    C:\Program Files\uTorrent\uTorrent.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [syulnuii] C:\ProgramData\syulnuii\qdolwvax.exe
    O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11736 bytes

    here is the ComboFix report:

    ComboFix 08-04-07.5 - Rémy et céline 2008-04-08 17:27:50.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1093 [GMT 2:00]
    Endroit: C:\Users\Rémy et céline\Downloads\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-08 15:31 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\uTorrent
    2008-04-08 15:28 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-08 15:28 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-08 14:16 --------- d-----w C:\ProgramData\Google Updater
    2008-04-07 14:54 28,190 ----a-w C:\Users\Rémy et céline\AppData\Roaming\nvModes.dat
    2008-04-07 14:36 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Skype
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-04 07:26 --------- d-----w C:\ProgramData\ynavkzqd
    2008-04-04 07:26 --------- d-----w C:\ProgramData\llcvotdk
    2008-04-04 07:26 --------- d-----w C:\ProgramData\fqpmwmls
    2008-04-03 20:19 --------- d-----w C:\ProgramData\uacxeeqi
    2008-04-03 20:19 --------- d-----w C:\ProgramData\mhhxwhmh
    2008-04-03 19:53 --------- d-----w C:\ProgramData\syulnuii
    2008-04-03 15:30 6,776 ----a-w C:\Windows\System32\tmp.reg
    2008-04-01 20:24 691 ----a-w C:\Users\Rémy et céline\AppData\Roaming\GetValue.vbs
    2008-04-01 20:24 35 ----a-w C:\Users\Rémy et céline\AppData\Roaming\SetValue.bat
    2008-04-01 13:46 --------- d-----w C:\Program Files\PC-Antispyware
    2008-04-01 13:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 21:10 --------- d-----w C:\Program Files\HP
    2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-26 15:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Hamachi
    2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-25 17:12 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Grisoft
    2008-03-25 17:11 --------- d-----w C:\ProgramData\Grisoft
    2008-03-25 11:33 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Image Zone Express
    2008-03-25 08:56 --------- d-----w C:\ProgramData\Symantec
    2008-03-20 16:25 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Adobe
    2008-03-18 17:12 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-03-18 17:12 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-03-15 14:55 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-03-15 09:14 --------- d-----w C:\Program Files\Java
    2008-03-13 07:45 --------- d-----w C:\Program Files\Windows Mail
    2008-03-12 21:55 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-11 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-09 13:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-09 13:40 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 10:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 10:38 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-08 10:31 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-02-28 14:12 --------- d-----w C:\Program Files\Google
    2008-02-25 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:03 --------- d-----w C:\Program Files\Live_TV
    2008-02-25 15:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-25 15:00 --------- d-----w C:\Program Files\AVS4YOU
    2008-02-18 18:02 --------- d-----w C:\ProgramData\AVS4YOU
    2008-02-16 16:02 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\AVS4YOU
    2008-02-15 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-02-14 13:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 13:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 13:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 13:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 13:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 13:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 13:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 13:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 13:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 13:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 13:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 13:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 13:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 13:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 13:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 13:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 13:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 13:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 13:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 13:10 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 13:10 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 13:10 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 13:10 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 10:29 476 ----a-w C:\Users\Rémy et céline\AppData\Roaming\wklnhst.dat
    2008-02-11 21:31 --------- d-s---w C:\Users\Rémy et céline\AppData\Roaming\Microsoft
    2008-02-11 21:14 --------- d-----w C:\Program Files\MSBuild
    2008-02-11 21:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-11 21:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-11 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-11 09:16 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Mozilla
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-17 14:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-17 14:56 22,328 ----a-w C:\Users\Rémy et céline\AppData\Roaming\PnkBstrK.sys
    2008-01-17 13:48 338,432 ----a-w C:\Windows\System32\Mss32.dll
    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-01-09 09:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-08-29 14:40 174 --sha-w C:\Program Files\desktop.ini
    2007-08-22 19:48 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-05_ 9.42.01,99 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-05 07:24:42 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-08 14:01:38 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-04-05 07:40:42 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-08 15:16:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-05 07:28:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-08 14:09:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-08 14:09:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-05 07:37:12 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-08 15:26:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-05 07:28:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-08 14:09:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-04-05 07:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-08 15:24:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-05 07:40:39 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-08 15:24:13 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-05 07:40:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-08 15:24:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-04 08:24:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-04-08 15:27:43 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-04-08 15:27:43 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-04-05 07:30:33 104,566 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-05 22:16:55 104,566 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-05 07:30:33 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-05 22:16:55 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-05 07:30:33 610,784 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-05 22:16:55 610,784 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-05 07:30:33 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-05 22:16:56 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-05 07:28:55 10,516 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    + 2008-04-08 14:10:04 10,632 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    - 2008-04-05 07:28:53 83,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-08 14:10:01 83,676 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-04-05 07:28:52 49,716 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-08 14:09:48 49,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 15:50 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "syulnuii"="C:\ProgramData\syulnuii\qdolwvax.exe" [2008-04-03 21:53 106496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 16:33 1006264]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 12:15 185632]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "!AVG Anti-Spyware"="C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-28 15:50:23 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"=
    "vidc.DIV3"= divxc32.dll
    "vidc.DIV4"= divxc32f.dll
    "vidc.X264"= x264vfw.dll
    "vidc.davc"= davcvfw.dll
    "vidc.hfyu"= huffyuv.dll
    "msacm.ac3acm"= AC3ACM.acm
    "msacm.divxa32"= DivXa32.acm
    "msacm.lameacm"= LameACM.acm
    "msacm.l3codec"= l3codecp.acm
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Users^Rémy et céline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TribalWeb.lnk]
    path=C:\Users\Rémy et céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TribalWeb.lnk
    backup=C:\Windows\pss\TribalWeb.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Users\Rémy et céline\logiciel\i tunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-07-14 00:41 20034600 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{EC63352B-EC81-4550-8BAC-B3C5A0765FA3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6457D4F1-1783-46B4-8921-1C3B1138AD05}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{88D42F14-15AC-4734-9D60-52FAC8690088}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{FA7CE72A-F078-47F7-B215-B572729B6348}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{B1C2DF77-D1C1-4B1C-838B-4B68FF45FFD6}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C58B9D79-84CB-4C17-AA49-08228E17DFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{8A9B1B2E-4F60-49C5-A832-70A01B9A5331}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BF3FD0F4-1C9F-451A-A0E5-09AE9AF50746}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{15684BB4-2D8F-4E12-A0CA-DB475CBAF55A}"= UDP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DA8C0A0-A62A-4524-B510-BDD2BA8734D9}"= TCP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0450709F-86D9-4997-BC42-9CE5171F8DC6}"= UDP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{94B40334-3E60-4C08-A501-933218A2FA48}"= TCP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{BF9D39EB-F975-4F47-BE6D-9A424C890CA1}"= UDP:3728:tribalweb
    "{D2B70217-1679-4A80-B59F-8A3DC3DA52FD}"= UDP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{029F98AB-EC5E-4088-9E97-BC6E74E2A10F}"= TCP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{6776598A-B891-4258-BA2D-2F0AE58D2F50}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{C585A93A-155B-43DB-9210-173A751AEAF8}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{BE70DD4A-B119-4FF7-9BF9-50CE55B20807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080404.001\IDSvix86.sys [2008-02-13 18:18]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\Windows\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\Windows\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-07 18:44:33 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Rémy et céline.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-08 14:09:30 C:\Windows\Tasks\User_Feed_Synchronization-{0564B497-BD14-40DB-9C20-DD0A848AC6DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 17:32:40
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-08 17:33:27
    ComboFix-quarantined-files.txt 2008-04-08 15:33:20
    ComboFix2.txt 2008-04-05 07:42:21
    ComboFix3.txt 2008-04-04 08:29:19
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-04-07 08:53:11 --- E O F ---

    Hi again,

    Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy):
    C:\ProgramData\ynavkzqd
    C:\ProgramData\llcvotdk
    C:\ProgramData\fqpmwmls
    C:\ProgramData\uacxeeqi
    C:\ProgramData\mhhxwhmh
    C:\ProgramData\syulnuii
    C:\Program Files\PC-Antispyware

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.

  • Copy the lines in the "Code" box below by selecting ALL of them and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy):
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syulnuii"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]

  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List of Files/Folders to moved" box (normally under the light yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and pressing CTRL and C at the same time (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy and paste what appears in the tool's right-hand column.

    ;)

    Here is the response from OTMoveIt2:

    C:\ProgramData\ynavkzqd moved successfully.
    C:\ProgramData\llcvotdk moved successfully.
    C:\ProgramData\fqpmwmls moved successfully.
    C:\ProgramData\uacxeeqi moved successfully.
    C:\ProgramData\mhhxwhmh moved successfully.
    C:\ProgramData\syulnuii moved successfully.
    < C:\Program Files\PC-Antispyware[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >
    File/Folder C:\Program Files\PC-Antispyware[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] not found.
    File/Folder "syulnuii"=- not found.
    < [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] >
    File/Folder [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] not found.
    File/Folder "i6A8okNaCn"=- not found.
    < [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware] >
    File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware] not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_154301

    Hi again,

    1) Create a Notepad file containing the text in the box below (copy/paste):


    Quote:
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "syulnuii"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]


    - Save this file to: Desktop
    - File name: fix.reg
    - Type: All files !!!
    - click Save
    - close Notepad

    Using the fix.reg file:
    - double-click the file (on the Desktop) / accept the warning about the merge / do not be surprised if nothing appears to happen / confirm the message saying the merge is complete.

    2) Run a normal scan with ComboFix again and post the report for me.

    ;) 
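
The fix.reg above uses the two deletion forms of the .reg syntax: `"name"=-` removes one value and `[-key]` removes a whole key. As an added example, not part of the original post, this Python code lists what such a script would do before it is merged, and rejects a file whose first line is not a registry header, which is the condition regedit reports as "not a registry script". The function names and the second sample (the forum's "Citation :" label copied along with the text) are assumptions made for the illustration.

```python
import re

# First lines that regedit recognises as a registry script header.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The script from the post above, reproduced as sample input.
FIX_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syulnuii"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"i6A8okNaCn"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
"""

# Constructed sample: the same text with the forum's quote label on line 1.
WITH_FORUM_LABEL = "Citation :\n" + FIX_REG


def parse_reg_script(text):
    """Return the operations a .reg script would perform, in order.

    Each operation is a tuple: ("delete_key", key),
    ("delete_value", key, name) or ("set_value", key, name, data).
    Raises ValueError when the header or a line is not valid.
    """
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        first = lines[0] if lines else ""
        raise ValueError("first line is not a registry header: %r" % first)

    ops, key, pending = [], None, ""
    for number, raw in enumerate(lines[1:], start=2):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            # Long hex data is continued on the next line with a backslash.
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            if m.group(1):
                ops.append(("delete_key", m.group(2)))
                key = None  # a deleted key cannot receive values
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m:
            raise ValueError("line %d: unrecognised syntax: %r" % (number, raw))
        if key is None:
            raise ValueError("line %d: value outside any key" % number)
        # "@" is the key's default value; quoted names escape \ and ".
        quoted = m.group(1)
        name = "" if quoted == "@" else re.sub(r"\\(.)", r"\1", quoted[1:-1])
        data = m.group(2)
        if data == "-":
            ops.append(("delete_value", key, name))
        else:
            ops.append(("set_value", key, name, data))
    return ops


def is_removal_only(ops):
    """True when the script deletes entries and never writes data."""
    return all(op[0] in ("delete_key", "delete_value") for op in ops)


if __name__ == "__main__":
    for op in parse_reg_script(FIX_REG):
        print(op)
    try:
        parse_reg_script(WITH_FORUM_LABEL)
    except ValueError as err:
        print("rejected:", err)
```
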

    Hi

    my PC showed me: cannot import c:\user\remy rt celine\desktop\fix.reg: the specified file is not a registry script

    you can only import binary registry files from within the registry editor.

    Hi, I ran a Windows Vista update this morning and I no longer get any windows about PC-Antispyware and pc-clean; why, I don't know!

    Another thing: my Norton no longer has phishing protection, why?

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:19:55, on 10/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11158 bytes

    Hi everyone, I have the same virus; I scanned with Spybot and CCleaner,
    here is my report. Please help me, thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:14:58, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\jyxwpiby.exe
    C:\WINDOWS\system32\sistray.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsma...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
    O2 - BHO: (no name) - {3F30A407-42EC-44CF-B261-015FD75AEBF5} - C:\WINDOWS\system32\qoMcayVL.dll (file missing)
    O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\cbXQhFWM.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.412.0\Weather.exe" -auto
    O4 - HKCU\..\Run: [sfqwdbxj] C:\WINDOWS\system32\jyxwpiby.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O4 - Startup: .protected
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: .protected
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A1790A1-65F1-4EF1-92EB-214D1A5576DE}: NameServer = 212.27.53.252,212.27.54.252
    O20 - Winlogon Notify: cbXQhFWM - cbXQhFWM.dll (file missing)
    O21 - SSODL: RomSys - {f079e0bc-6c55-4ffd-9c2e-29121ee04aa0} - C:\WINDOWS\Resources\RomSys.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    --
    End of file - 7016 bytes

    Here is the ComboFix report:


    ComboFix 08-04-07.5 - Rémy et céline 2008-04-11 9:23:16.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1180 [GMT 2:00]
    Endroit: C:\Users\Rémy et céline\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-11 07:26 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-11 07:26 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-10 20:37 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\uTorrent
    2008-04-10 16:16 --------- d-----w C:\ProgramData\Google Updater
    2008-04-10 08:03 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 21:39 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-09 20:48 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Image Zone Express
    2008-04-07 14:54 28,190 ----a-w C:\Users\Rémy et céline\AppData\Roaming\nvModes.dat
    2008-04-07 14:36 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Skype
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-03 15:30 6,776 ----a-w C:\Windows\System32\tmp.reg
    2008-04-01 20:24 691 ----a-w C:\Users\Rémy et céline\AppData\Roaming\GetValue.vbs
    2008-04-01 20:24 35 ----a-w C:\Users\Rémy et céline\AppData\Roaming\SetValue.bat
    2008-04-01 13:46 --------- d-----w C:\Program Files\PC-Antispyware
    2008-04-01 13:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 21:10 --------- d-----w C:\Program Files\HP
    2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-26 15:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Hamachi
    2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-25 17:12 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Grisoft
    2008-03-25 17:11 --------- d-----w C:\ProgramData\Grisoft
    2008-03-25 08:56 --------- d-----w C:\ProgramData\Symantec
    2008-03-20 16:25 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Adobe
    2008-03-18 17:12 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-03-18 17:12 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-03-15 14:55 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-03-15 09:14 --------- d-----w C:\Program Files\Java
    2008-03-11 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-09 13:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-09 13:40 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 10:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 10:38 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-08 10:31 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-28 14:12 --------- d-----w C:\Program Files\Google
    2008-02-25 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:03 --------- d-----w C:\Program Files\Live_TV
    2008-02-25 15:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-25 15:00 --------- d-----w C:\Program Files\AVS4YOU
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-02-18 18:02 --------- d-----w C:\ProgramData\AVS4YOU
    2008-02-16 16:02 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\AVS4YOU
    2008-02-15 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
    2008-02-14 13:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 13:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 13:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 13:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 13:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 13:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 13:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 13:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 13:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 13:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 13:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 13:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 13:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 13:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 13:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 13:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 13:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 13:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 13:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-12 10:29 476 ----a-w C:\Users\Rémy et céline\AppData\Roaming\wklnhst.dat
    2008-02-11 21:31 --------- d-s---w C:\Users\Rémy et céline\AppData\Roaming\Microsoft
    2008-02-11 21:14 --------- d-----w C:\Program Files\MSBuild
    2008-02-11 21:14 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-11 21:11 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-11 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-11 09:16 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Mozilla
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-17 14:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-17 14:56 22,328 ----a-w C:\Users\Rémy et céline\AppData\Roaming\PnkBstrK.sys
    2008-01-17 13:48 338,432 ----a-w C:\Windows\System32\Mss32.dll
    2007-08-29 14:40 174 --sha-w C:\Program Files\desktop.ini
    2007-08-22 19:48 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-08_17.33.11,29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-08 14:01:38 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-11 06:48:24 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-04-01 13:22:29 146,285 ----a-w C:\Windows\hpoins18.dat
    + 2008-04-09 16:31:35 146,285 ----a-w C:\Windows\hpoins18.dat
    - 2008-03-13 07:45:41 665,600 ----a-w C:\Windows\inf\drvindex.dat
    + 2008-04-10 08:02:20 665,600 ----a-w C:\Windows\inf\drvindex.dat
    - 2008-03-17 18:17:13 51,200 ----a-w C:\Windows\inf\infpub.dat
    + 2008-04-10 08:03:30 51,200 ----a-w C:\Windows\inf\infpub.dat
    - 2008-03-15 14:56:09 86,016 ----a-w C:\Windows\inf\infstor.dat
    + 2008-04-10 08:03:30 86,016 ----a-w C:\Windows\inf\infstor.dat
    - 2008-03-17 18:17:13 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2008-04-10 08:02:22 143,360 ----a-w C:\Windows\inf\infstrng.dat
    + 2006-10-26 22:00:12 1,841,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
    - 2008-03-12 21:55:43 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-04-09 21:39:20 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-03-12 21:55:43 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-04-09 21:39:20 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-03-12 21:55:43 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-04-09 21:39:20 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-03-12 21:55:43 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2008-04-09 21:39:20 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2008-03-12 21:55:43 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-04-09 21:39:20 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-03-12 21:55:43 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-04-09 21:39:21 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-03-12 21:55:43 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-04-09 21:39:20 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-03-12 21:55:43 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-04-09 21:39:20 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-03-12 21:55:43 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-04-09 21:39:20 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-03-12 21:55:43 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-04-09 21:39:20 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-03-12 21:55:43 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-04-09 21:39:20 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-04-08 15:16:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-11 07:03:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-08 14:09:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-11 06:51:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-11 06:51:36 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-08 15:26:56 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-11 07:23:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-08 14:09:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-11 06:51:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-11 06:51:36 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-02-14 13:10:38 124,928 ----a-w C:\Windows\System32\advpack.dll
    + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\System32\advpack.dll
    - 2008-04-08 15:24:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-11 07:21:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-08 15:24:13 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-11 07:21:19 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-08 15:24:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-11 07:21:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll
    + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll
    - 2006-11-02 09:45:02 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    - 2006-11-02 09:46:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    - 2008-02-14 13:10:34 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
    + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
    - 2008-02-14 13:10:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll
    + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll
    - 2008-02-17 09:31:47 426,504 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-04-10 08:06:16 426,504 ----a-w C:\Windows\System32\FNTCACHE.DAT
    - 2008-02-14 13:10:33 63,488 ----a-w C:\Windows\System32\icardie.dll
    + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\System32\icardie.dll
    - 2008-02-14 13:10:26 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
    + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
    - 2008-02-14 13:10:36 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
    + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
    - 2008-02-14 13:10:43 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
    + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
    - 2008-02-14 13:10:26 44,544 ----a-w C:\Windows\System32\iernonce.dll
    + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\System32\iernonce.dll
    - 2008-02-14 13:10:44 180,736 ----a-w C:\Windows\System32\ieui.dll
    + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\System32\ieui.dll
    - 2008-02-14 13:10:37 27,648 ----a-w C:\Windows\System32\jsproxy.dll
    + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll
    + 2008-03-25 03:21:18 2,889,088 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    + 2008-03-25 03:21:20 218,496 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-04-09 14:40:06 70,264 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe
    - 2008-02-14 13:10:37 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    - 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
    + 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
    - 2008-02-14 13:10:40 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
    + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
    - 2008-02-14 13:10:41 478,208 ----a-w C:\Windows\System32\mshtmled.dll
    + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll
    - 2008-02-14 13:10:33 671,232 ----a-w C:\Windows\System32\mstime.dll
    + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll
    - 2008-04-05 22:16:55 104,566 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-10 16:56:32 104,566 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-05 22:16:55 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-10 16:56:32 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-05 22:16:55 610,784 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-10 16:56:32 610,784 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-05 22:16:56 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-10 16:56:32 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-02-14 13:10:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll
    + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll
    - 2008-03-13 21:36:51 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-04-10 08:09:02 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-02-14 13:10:37 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
    + 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
    - 2008-04-08 14:10:04 10,632 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    + 2008-04-11 06:50:56 10,640 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    - 2008-04-08 14:10:01 83,676 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-11 06:50:56 83,980 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-04-08 14:09:48 49,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-11 06:50:53 49,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-03-12 21:53:35 1,248,783 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-04-09 21:37:37 31,116,589 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll
    + 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll
    + 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
    + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
    + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
    + 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
    + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
    + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
    + 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
    + 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
    + 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
    + 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
    + 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
    + 2008-02-14 13:17:27 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe
    + 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
    + 2008-02-14 13:17:27 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe
    + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
    + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
    + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
    + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
    + 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
    + 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
    + 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
    + 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
    + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
    + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
    + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
    + 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
    + 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
    + 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
    + 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
    + 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
    + 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
    + 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
    + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
    + 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
    + 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
    + 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
    + 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
    + 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
    + 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
    + 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
    + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
    + 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
    + 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
    + 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
    + 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
    + 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
    + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
    + 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
    + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
    + 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
    + 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
    + 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
    + 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
    + 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
    + 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
    + 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
    + 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
    + 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
    + 2007-08-25 14:26:05 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
    + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
    + 2007-08-25 14:26:05 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
    + 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
    + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
    + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
    + 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
    + 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
    + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
    + 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
    + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
    + 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
    + 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
    + 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
    + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
    + 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
    + 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
    + 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
    + 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
    + 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
    + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
    + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
    + 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
    + 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
    + 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
    + 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
    + 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
    + 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
    + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
    + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
    + 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
    + 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
    + 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
    + 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
    + 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
    + 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
    + 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat
    + 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat
    + 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat
    + 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat
    + 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
    + 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
    + 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
    + 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
    + 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
    + 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
    + 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
    + 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
    + 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
    + 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
    + 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
    + 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
    + 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
    + 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
    + 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
    + 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
    + 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
    + 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
    + 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
    + 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 15:50 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 16:33 1006264]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 12:15 185632]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "!AVG Anti-Spyware"="C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-28 15:50:23 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"=
    "vidc.DIV3"= divxc32.dll
    "vidc.DIV4"= divxc32f.dll
    "vidc.X264"= x264vfw.dll
    "vidc.davc"= davcvfw.dll
    "vidc.hfyu"= huffyuv.dll
    "msacm.ac3acm"= AC3ACM.acm
    "msacm.divxa32"= DivXa32.acm
    "msacm.lameacm"= LameACM.acm
    "msacm.l3codec"= l3codecp.acm
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Users^Rémy et céline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TribalWeb.lnk]
    path=C:\Users\Rémy et céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TribalWeb.lnk
    backup=C:\Windows\pss\TribalWeb.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Users\Rémy et céline\logiciel\i tunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-07-14 00:41 20034600 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{EC63352B-EC81-4550-8BAC-B3C5A0765FA3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6457D4F1-1783-46B4-8921-1C3B1138AD05}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{88D42F14-15AC-4734-9D60-52FAC8690088}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{FA7CE72A-F078-47F7-B215-B572729B6348}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{B1C2DF77-D1C1-4B1C-838B-4B68FF45FFD6}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C58B9D79-84CB-4C17-AA49-08228E17DFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{8A9B1B2E-4F60-49C5-A832-70A01B9A5331}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BF3FD0F4-1C9F-451A-A0E5-09AE9AF50746}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{15684BB4-2D8F-4E12-A0CA-DB475CBAF55A}"= UDP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DA8C0A0-A62A-4524-B510-BDD2BA8734D9}"= TCP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0450709F-86D9-4997-BC42-9CE5171F8DC6}"= UDP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{94B40334-3E60-4C08-A501-933218A2FA48}"= TCP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{BF9D39EB-F975-4F47-BE6D-9A424C890CA1}"= UDP:3728:tribalweb
    "{D2B70217-1679-4A80-B59F-8A3DC3DA52FD}"= UDP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{029F98AB-EC5E-4088-9E97-BC6E74E2A10F}"= TCP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{6776598A-B891-4258-BA2D-2F0AE58D2F50}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{C585A93A-155B-43DB-9210-173A751AEAF8}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{BE70DD4A-B119-4FF7-9BF9-50CE55B20807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\Windows\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\Windows\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 17:53:31 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Rémy et céline.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-10 16:41:33 C:\Windows\Tasks\User_Feed_Synchronization-{0564B497-BD14-40DB-9C20-DD0A848AC6DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 09:26:45
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-11 9:27:44
    ComboFix-quarantined-files.txt 2008-04-11 07:27:38
    ComboFix2.txt 2008-04-08 15:33:28
    ComboFix3.txt 2008-04-05 07:42:21
    ComboFix4.txt 2008-04-04 08:29:19
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-04-09 21:39:27 --- E O F ---

    :hello: 

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word Quote:

    Quote:
    Folder::
    C:\Program Files\PC-Antispyware

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.

    ;) 

    here is the combo report


    ComboFix 08-04-07.5 - Rémy et céline 2008-04-12 9:53:50.5 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1119 [GMT 2:00]
    Endroit: C:\Users\Rémy et céline\Downloads\ComboFix.exe
    Command switches used :: C:\Users\R‚my et c‚line\Desktop\CFScript.txt..txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-12 07:57 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-12 07:57 4,718,592 --sha-w C:\Users\Rémy et céline\NTUSER.DAT
    2008-04-11 17:17 --------- d-----w C:\ProgramData\Google Updater
    2008-04-11 10:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\uTorrent
    2008-04-10 08:03 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 21:39 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-09 20:48 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Image Zone Express
    2008-04-07 14:54 28,190 ----a-w C:\Users\Rémy et céline\AppData\Roaming\nvModes.dat
    2008-04-07 14:36 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Skype
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-05 08:21 606 ----a-w C:\Users\Rémy et céline\NCO_BHO.reg
    2008-04-03 15:30 6,776 ----a-w C:\Windows\System32\tmp.reg
    2008-04-01 20:24 691 ----a-w C:\Users\Rémy et céline\AppData\Roaming\GetValue.vbs
    2008-04-01 20:24 35 ----a-w C:\Users\Rémy et céline\AppData\Roaming\SetValue.bat
    2008-04-01 13:46 --------- d-----w C:\Program Files\PC-Antispyware
    2008-04-01 13:31 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-31 21:10 --------- d-----w C:\Program Files\HP
    2008-03-28 21:19 86,528 ----a-w C:\Windows\System32\VACFix.exe
    2008-03-26 15:24 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Hamachi
    2008-03-26 06:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe
    2008-03-25 17:12 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Grisoft
    2008-03-25 17:11 --------- d-----w C:\ProgramData\Grisoft
    2008-03-25 08:56 --------- d-----w C:\ProgramData\Symantec
    2008-03-20 16:25 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\Adobe
    2008-03-18 17:12 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-03-18 17:12 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-03-15 14:55 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-03-15 09:14 --------- d-----w C:\Program Files\Java
    2008-03-11 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-09 13:42 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-09 13:40 --------- d-----w C:\Program Files\Windows Live
    2008-03-08 10:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 10:38 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-08 10:31 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-28 14:12 --------- d-----w C:\Program Files\Google
    2008-02-25 15:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 15:03 --------- d-----w C:\Program Files\Live_TV
    2008-02-25 15:00 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-25 15:00 --------- d-----w C:\Program Files\AVS4YOU
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-02-18 18:02 --------- d-----w C:\ProgramData\AVS4YOU
    2008-02-16 16:02 --------- d-----w C:\Users\Rémy et céline\AppData\Roaming\AVS4YOU
    2008-02-15 18:34 --------- d-----w C:\Program Files\uTorrent
    2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
    2008-02-14 13:18 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 13:18 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 13:14 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 13:14 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 13:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 13:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 13:14 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 13:14 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 13:14 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 13:14 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 13:14 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 13:14 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 13:14 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 13:14 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 13:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 13:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 13:13 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 13:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 13:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 13:13 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-12 10:29 476 ----a-w C:\Users\Rémy et céline\AppData\Roaming\wklnhst.dat
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-17 14:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-01-17 14:56 22,328 ----a-w C:\Users\Rémy et céline\AppData\Roaming\PnkBstrK.sys
    2008-01-17 13:48 338,432 ----a-w C:\Windows\System32\Mss32.dll
    2007-08-29 14:40 174 --sha-w C:\Program Files\desktop.ini
    2007-08-22 19:48 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-11_ 9.27.20,16 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-11 06:48:24 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-12 07:43:55 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-04-11 07:03:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-12 07:45:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-11 06:51:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-12 07:48:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-04-12 07:48:02 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-11 07:23:21 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-04-12 07:53:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-04-11 06:51:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-12 07:48:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-04-12 07:48:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-04-11 07:21:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-12 07:49:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-11 07:21:19 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-12 07:49:53 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-11 07:21:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-12 07:49:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-10 16:56:32 104,566 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-11 20:57:46 104,566 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-10 16:56:32 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-11 20:57:46 118,276 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-10 16:56:32 610,784 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-11 20:57:46 610,784 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-10 16:56:32 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-11 20:57:46 692,172 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-11 06:50:56 10,640 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    + 2008-04-12 07:49:00 10,640 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-990096617-388181133-1618056363-1000_UserData.bin
    - 2008-04-11 06:50:56 83,980 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-12 07:48:59 84,142 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-04-11 06:50:53 49,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-12 07:48:58 49,852 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:16 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 15:50 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 16:33 1006264]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 01:14 833072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-20 12:15 185632]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "!AVG Anti-Spyware"="C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-28 15:50:23 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "i6A8okNaCn"= C:\ProgramData\ynavkzqd\wjkvgjad.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"=
    "vidc.DIV3"= divxc32.dll
    "vidc.DIV4"= divxc32f.dll
    "vidc.X264"= x264vfw.dll
    "vidc.davc"= davcvfw.dll
    "vidc.hfyu"= huffyuv.dll
    "msacm.ac3acm"= AC3ACM.acm
    "msacm.divxa32"= DivXa32.acm
    "msacm.lameacm"= LameACM.acm
    "msacm.l3codec"= l3codecp.acm
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Users^Rémy et céline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TribalWeb.lnk]
    path=C:\Users\Rémy et céline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TribalWeb.lnk
    backup=C:\Windows\pss\TribalWeb.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 04:22 267048 C:\Users\Rémy et céline\logiciel\i tunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]
    C:\Program Files\PC-Antispyware\PC-Antispyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-07-14 00:41 20034600 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{EC63352B-EC81-4550-8BAC-B3C5A0765FA3}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{6457D4F1-1783-46B4-8921-1C3B1138AD05}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{88D42F14-15AC-4734-9D60-52FAC8690088}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{FA7CE72A-F078-47F7-B215-B572729B6348}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{B1C2DF77-D1C1-4B1C-838B-4B68FF45FFD6}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C58B9D79-84CB-4C17-AA49-08228E17DFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{8A9B1B2E-4F60-49C5-A832-70A01B9A5331}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BF3FD0F4-1C9F-451A-A0E5-09AE9AF50746}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{15684BB4-2D8F-4E12-A0CA-DB475CBAF55A}"= UDP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DA8C0A0-A62A-4524-B510-BDD2BA8734D9}"= TCP:C:\Users\Rémy et céline\jeux\call of duty 4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{0450709F-86D9-4997-BC42-9CE5171F8DC6}"= UDP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{94B40334-3E60-4C08-A501-933218A2FA48}"= TCP:C:\Users\Rémy et céline\logiciel\TribalWeb\tribalweb.exe:TribalWeb
    "{BF9D39EB-F975-4F47-BE6D-9A424C890CA1}"= UDP:3728:tribalweb
    "{D2B70217-1679-4A80-B59F-8A3DC3DA52FD}"= UDP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{029F98AB-EC5E-4088-9E97-BC6E74E2A10F}"= TCP:C:\Users\Rémy et céline\logiciel\eMule\emule.exe:emule
    "{6776598A-B891-4258-BA2D-2F0AE58D2F50}"= UDP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{C585A93A-155B-43DB-9210-173A751AEAF8}"= TCP:C:\Users\Rémy et céline\logiciel\i tunes\iTunes.exe:iTunes
    "{BE70DD4A-B119-4FF7-9BF9-50CE55B20807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 18:18]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\Windows\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\Windows\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-11 17:56:31 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Rémy et céline.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-11 16:52:23 C:\Windows\Tasks\User_Feed_Synchronization-{0564B497-BD14-40DB-9C20-DD0A848AC6DA}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 09:57:27
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-12 9:58:25
    ComboFix-quarantined-files.txt 2008-04-12 07:58:20
    ComboFix2.txt 2008-04-11 07:27:45
    ComboFix3.txt 2008-04-08 15:33:28
    ComboFix4.txt 2008-04-05 07:42:21
    ComboFix5.txt 2008-04-04 08:29:19
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    .
    2008-04-11 19:20:14 --- E O F ---


    and here is HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07:56, on 12/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rémy et céline\logiciel\hidjacsky\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstal...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 11586 bytes

    Hi again,

    The procedure didn't work :)  Follow these instructions carefully:

    1) Download ToolsCleaner to your desktop.

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
  • Tutorial here:

    2) Download Combofix again and save it to the root of your hard drive, that is, here: C:\Combofix.exe >>> This is very important!!!

    3) Copy the text in the box below, without the word "Quote":

    Quote:
    Folder::
    C:\Program Files\PC-Antispyware

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Antispyware]


    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt at the root of your hard drive, that is, as C:\CFScript.txt >>> Very important here too!!!

    4) Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.

    ;) 
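Added example, not part of the thread or of either tool: a small triage pass over the kind of HijackThis `O4` autostart lines and ComboFix registry lines posted above, listing entries that deserve a manual look and protections that are switched off. The function names, the trusted-root list and the three heuristics are assumptions of this sketch; a hit is a review candidate, not a verdict.

```python
import re

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\Rémy et céline\logiciel\Nouveau dossier\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Policies\Explorer\Run: [i6A8okNaCn] C:\ProgramData\ynavkzqd\wjkvgjad.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
""".strip().splitlines()
COMBOFIX_LINES = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

REG_O4 = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK_O4 = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Assumed "expected" install roots; adjust for the machines being reviewed.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%programfiles%\\",
                 "%windir%\\", "%systemroot%\\")
WEAKENED = {("enablelua", "0"): "UAC is turned off",
            ("enablefirewall", "0"): "Windows Firewall is off for this profile"}

def parse_o4(line):
    """Split an O4 (autostart) line into location, name and command."""
    line = line.strip()
    m = REG_O4.match(line) or LNK_O4.match(line)
    return m.groupdict() if m else None

def target_path(cmd):
    """Best-effort, lowercased path of the file an autostart command loads."""
    # rundll32 is only the loader; the DLL named after it is what runs.
    cmd = re.sub(r"^rundll32(\.exe)?\s+", "", cmd.strip(), flags=re.I)
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    # Unquoted paths may contain spaces: cut after the first binary extension.
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))\b", cmd, flags=re.I)
    return (m.group(1) if m else cmd).lower()

def triage(lines):
    """Return [(name, path, reasons)] for O4 entries worth a manual look."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        path, reasons = target_path(entry["cmd"]), []
        if entry["loc"].lower().endswith(r"policies\explorer\run"):
            reasons.append("started from the Policies\\Explorer\\Run key")
        if "\\" in path and not path.startswith(TRUSTED_ROOTS):
            reasons.append("file outside Program Files and Windows")
        if re.match(r"c:\\programdata\\[^\\]+\\[^\\]+\.exe$", path):
            reasons.append("executable directly under a ProgramData subfolder")
        if reasons:
            findings.append((entry["name"], path, reasons))
    return findings

def weakened_settings(lines):
    """Return [(registry_key, meaning)] for protections a ComboFix log shows off."""
    section, hits = None, []
    for line in lines:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = re.match(r'"(?P<name>[^"]+)"=\s*(?P<value>\S+)', line)
        if m and (m["name"].lower(), m["value"]) in WEAKENED:
            hits.append((section, WEAKENED[m["name"].lower(), m["value"]]))
    return hits

if __name__ == "__main__":
    for name, path, reasons in triage(HIJACKTHIS_LINES):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
    for key, meaning in weakened_settings(COMBOFIX_LINES):
        print(f"{key}: {meaning}")
```

Entries that collect several reasons at once are the ones to check first; software deliberately installed under a user profile, such as the AVG copy in this log, shows up with a single reason.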