Win32 Trojan-Gen
Good evening...
Here I am, infected...
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:52, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0BF5366-0D3F-4B06-B339-5FA3F956ECF7} - C:\Windows\system32\jkkHYOEu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULCuU.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
Hello,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. You have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Here is the result:
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 869
21:07:16 19/06/2008
mbam-log-6-19-2008 (21-07-16).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 251519
Temps écoulé: 1 hour(s), 18 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Windows\System32\jkkHYOEu.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9de09fb8-0134-42a1-8aeb-b973d3d5c5f0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9de09fb8-0134-42a1-8aeb-b973d3d5c5f0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4271af06 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkhyoeu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkhyoeu -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\gebBrspO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\OpsrBbeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\OpsrBbeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\imitxhoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aohxtimi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkHYOEu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\uEOYHkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uEOYHkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tuvULCuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\kEvaR\AppData\Local\Temp\tmp0000dfa4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\kEvaR\AppData\Local\Temp\tmp00014587 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\17PHolmes1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:07, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D160F7F2-6562-478B-B3E5-CF1F29BA14F5} - C:\Windows\system32\jkkHYOEu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9806 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:07, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D160F7F2-6562-478B-B3E5-CF1F29BA14F5} - C:\Windows\system32\jkkHYOEu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9806 bytes
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may vary
Here it is!!!
ComboFix 08-06-19.4 - kEvaR 2008-06-20 20:56:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1092 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jkkHYOEu.dll
C:\Windows\system32\pvxrjboy.ini
C:\Windows\system32\rpdwdsxb.ini
C:\Windows\System32\uEOYHkkj.ini
C:\Windows\System32\uEOYHkkj.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 00:35 . 2008-06-21 00:35 294 ---hs---- C:\Windows\System32\pvxrjboy.ini
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 21:18 . 2008-06-19 21:18 86,016 --------- C:\Windows\System32\yobjrxvp.dll
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-20 20:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-19 13:38 --------- d-----w C:\Program Files\Everest Poker
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 444,952 ------w C:\Windows\System32\wrap_oal.dll
2008-06-05 21:00 109,080 ------w C:\Windows\System32\OpenAL32.dll
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 12:30 107,832 ------w C:\Windows\System32\PnkBstrB.exe
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2008-04-21 10:44 101,888 ------w C:\Windows\System32\ifxcardm.dll
2008-04-21 10:43 82,432 ------w C:\Windows\System32\axaltocm.dll
2008-04-21 10:23 47,560 ------w C:\Windows\System32\SPReview.exe
2008-04-21 10:23 152,576 ------w C:\Windows\System32\SPWizUI.dll
2008-04-11 15:23 38,400 ------w C:\Windows\System32\SoundSchemes.exe
2008-03-26 18:05 446,976 ------w C:\Windows\System32\ShellMPD.dll
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"4271af06"="C:\Windows\system32\yobjrxvp.dll" [2008-06-19 21:18 86016]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP:D:\abc\abc.exe:abc
"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP:D:\abc\abc.exe:abc
"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP:D:\steam\steam.exe:Steam
"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP:D:\steam\steam.exe:Steam
"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP:D:\games\dirt\dirt.exe:DiRT Executable
"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP:D:\games\dirt\dirt.exe:DiRT Executable
"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe
nkBstrA
"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe
nkBstrA
"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe
nkBstrB
"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe
nkBstrB
"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP:D:\Games\GRID\GRID.exe:GRID
"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP:D:\Games\GRID\GRID.exe:GRID
"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:35:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\yobjrxvp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 0:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 22:39:04
Pre-Run: 50,007,191,552 octets libres
Post-Run: 57,351,192,576 octets libres
323 --- E O F --- 2008-06-18 11:00:06
ComboFix 08-06-19.4 - kEvaR 2008-06-20 20:56:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1092 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jkkHYOEu.dll
C:\Windows\system32\pvxrjboy.ini
C:\Windows\system32\rpdwdsxb.ini
C:\Windows\System32\uEOYHkkj.ini
C:\Windows\System32\uEOYHkkj.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 00:35 . 2008-06-21 00:35 294 ---hs---- C:\Windows\System32\pvxrjboy.ini
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 21:18 . 2008-06-19 21:18 86,016 --------- C:\Windows\System32\yobjrxvp.dll
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-20 20:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-19 13:38 --------- d-----w C:\Program Files\Everest Poker
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 444,952 ------w C:\Windows\System32\wrap_oal.dll
2008-06-05 21:00 109,080 ------w C:\Windows\System32\OpenAL32.dll
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 12:30 107,832 ------w C:\Windows\System32\PnkBstrB.exe
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2008-04-21 10:44 101,888 ------w C:\Windows\System32\ifxcardm.dll
2008-04-21 10:43 82,432 ------w C:\Windows\System32\axaltocm.dll
2008-04-21 10:23 47,560 ------w C:\Windows\System32\SPReview.exe
2008-04-21 10:23 152,576 ------w C:\Windows\System32\SPWizUI.dll
2008-04-11 15:23 38,400 ------w C:\Windows\System32\SoundSchemes.exe
2008-03-26 18:05 446,976 ------w C:\Windows\System32\ShellMPD.dll
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"4271af06"="C:\Windows\system32\yobjrxvp.dll" [2008-06-19 21:18 86016]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP
:\abc\abc.exe:abc"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP
:\abc\abc.exe:abc"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP
:\steam\steam.exe:Steam"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP
:\steam\steam.exe:Steam"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP
:\games\dirt\dirt.exe
iRT Executable"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP
:\games\dirt\dirt.exe
iRT Executable"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP
:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP
:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP
:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP
:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP
:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP
:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP
:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP
:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe
nkBstrA"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe
nkBstrA"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe
nkBstrB"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe
nkBstrB"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP
:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP
:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP
:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP
:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP
:\Games\Battlefield 2\BF2.exe:Battlefield 2"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP
:\Games\Battlefield 2\BF2.exe:Battlefield 2"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP
:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP
:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP
:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP
:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP
:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP
:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP
:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP
:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP
:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP
:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP
:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP
:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP
:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP
:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP
:\Games\GRID\GRID.exe:GRID
"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP
:\Games\GRID\GRID.exe:GRID
"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:35:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\yobjrxvp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 0:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 22:39:04
Pre-Run: 50,007,191,552 octets libres
Post-Run: 57,351,192,576 octets libres
323 --- E O F --- 2008-06-18 11:00:06
Hi again,
Copy (Ctrl+C) the text in the box below:
File::
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4271af06"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Here's ComboFix:
ComboFix 08-06-19.4 - kEvaR 2008-06-21 13:59:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1072 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
Command switches used :: C:\Users\kEvaR\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-21 12:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 12:05 --------- d-----w C:\Program Files\Everest Poker
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 0.38.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 19:06:44 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 12:04:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-20 19:17:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-20 19:16:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 22:35:23 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 12:05:01 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-20 19:11:16 105,586 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-21 10:50:38 105,586 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-20 19:11:16 128,676 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-21 10:50:38 128,676 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-20 19:11:16 598,212 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-21 10:50:38 598,212 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-20 19:11:16 681,486 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-21 10:50:38 681,486 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-20 18:47:40 6,822 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
+ 2008-06-21 10:48:14 6,846 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
- 2008-06-20 18:47:39 70,904 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:14 71,254 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-20 18:47:37 38,766 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:13 38,990 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP
:\abc\abc.exe:abc
"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP
:\abc\abc.exe:abc
"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP
:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP
:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP
:\steam\steam.exe:Steam
"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP
:\steam\steam.exe:Steam
"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP
:\games\dirt\dirt.exe:DiRT Executable
"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP
:\games\dirt\dirt.exe:DiRT Executable
"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP
:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP
:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP
:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP
:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP
:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP
:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP
:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP
:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP
:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP
:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP
:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP
:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP
:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP
:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP
:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP
:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP:D:\Games\GRID\GRID.exe:GRID
"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP:D:\Games\GRID\GRID.exe:GRID
"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:04:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 12:09:18
ComboFix2.txt 2008-06-20 22:39:27
Pre-Run: 52,941,500,416 octets libres
Post-Run: 52,835,164,160 octets libres
336 --- E O F --- 2008-06-21 00:14:37
ComboFix 08-06-19.4 - kEvaR 2008-06-21 13:59:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1072 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
Command switches used :: C:\Users\kEvaR\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-21 12:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 12:05 --------- d-----w C:\Program Files\Everest Poker
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 0.38.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 19:06:44 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 12:04:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-20 19:17:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-20 19:16:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 22:35:23 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 12:05:01 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-20 19:11:16 105,586 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-21 10:50:38 105,586 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-20 19:11:16 128,676 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-21 10:50:38 128,676 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-20 19:11:16 598,212 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-21 10:50:38 598,212 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-20 19:11:16 681,486 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-21 10:50:38 681,486 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-20 18:47:40 6,822 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
+ 2008-06-21 10:48:14 6,846 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
- 2008-06-20 18:47:39 70,904 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:14 71,254 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-20 18:47:37 38,766 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:13 38,990 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP:D:\abc\abc.exe:abc
"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP:D:\abc\abc.exe:abc
"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP:D:\steam\steam.exe:Steam
"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP:D:\steam\steam.exe:Steam
"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP:D:\games\dirt\dirt.exe:DiRT Executable
"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP:D:\games\dirt\dirt.exe:DiRT Executable
"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP
:\Games\GRID\GRID.exe:GRID"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP
:\Games\GRID\GRID.exe:GRID"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:04:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 12:09:18
ComboFix2.txt 2008-06-20 22:39:27
Pre-Run: 52,941,500,416 octets libres
Post-Run: 52,835,164,160 octets libres
336 --- E O F --- 2008-06-21 00:14:37
and here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:24, on 21/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7941 bytes
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why change? Avast! vs AntiVir
Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
Here you go!!!
Avira AntiVir Personal
Report file date: samedi 21 juin 2008 14:51
Scanning for 1349608 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-KEVAR
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 12:49:42
ANTIVIR3.VDF : 7.0.4.232 250880 Bytes 20/06/2008 12:49:44
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 21/06/2008 12:49:56
AESCN.DLL : 8.1.0.22 119157 Bytes 21/06/2008 12:49:55
AERDL.DLL : 8.1.0.20 418165 Bytes 21/06/2008 12:49:54
AEPACK.DLL : 8.1.1.6 364918 Bytes 21/06/2008 12:49:53
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 21/06/2008 12:49:52
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 21/06/2008 12:49:51
AEHELP.DLL : 8.1.0.15 115063 Bytes 21/06/2008 12:49:48
AEGEN.DLL : 8.1.0.29 307573 Bytes 21/06/2008 12:49:47
AEEMU.DLL : 8.1.0.6 430451 Bytes 21/06/2008 12:49:46
AECORE.DLL : 8.1.0.31 168310 Bytes 21/06/2008 12:49:45
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 21 juin 2008 14:51
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wmdcBase.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '11' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Windows\System32\jkkHYOEu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48c7ff1c.qua'!
C:\QooBox\Quarantine\C\Windows\System32\yobjrxvp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48beff26.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Mega>
Begin scan in 'E:\' <eMule>
End of the scan: samedi 21 juin 2008 15:57
Used time: 1:06:29 min
The scan has been done completely.
22327 Scanning directories
563103 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
563101 Files not concerned
2135 Archives were scanned
3 Warnings
2 Notes
Here it is!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:36, on 21/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8135 bytes