Bonjour,

1. Télécharge [color=red]combofix.exe[/color] (par [color=#3366FF]sUBs[/color]) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

sur ton Bureau.

2. Double clique sur combofix.exe pour lancer le scan.
3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Télécharge [color=blue]HijackThisV2[/color] sur ton Bureau. [list]

• Double-clique sur HJTInstall.exe et suis les instructions d'installation.
• Tu trouveras un tutoriel pour l'installation et la génération d'un rapport ici: http://cybersecurite.xooit.com/t13 [...] -2-0-2.htm
• Poste le rapport généré sur le forum.[/list]

2) Rapport HIJACKTHIS :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:58, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe
C:\Program Files\Sony\FingerprintMV\FPManager.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Sony\FingerprintMV\fphide.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\France\Mes documents\Divers\DL\Firefox 2.0 beta\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\France\Bureau\20080715\HiJackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries [...] efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {6859cf19-06bb-d10a-1ca4-a438e71be8eb} - {be8eb17e-834a-4ac1-a01d-bb6091fc9586} - C:\WINDOWS\system32\zjxnsx.dll
O4 - HKLM\..\Run: [ZF] C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe X X
O4 - HKLM\..\Run: [BioManager] C:\Program Files\Sony\FingerprintMV\FPManager.exe
O4 - HKLM\..\Run: [74b80da1] rundll32.exe "C:\WINDOWS\system32\ktnindai.dll",b
O4 - HKLM\..\Run: [BM778b3e3d] Rundll32.exe "C:\WINDOWS\system32\hpbsidwn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://certification.hsbc.fr/vscnfchk.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new [...] Signed.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/ [...] cgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Oracle Express Server 6.3.2.0.0 (ExpSrv632) - Oracle Corporation - C:\OraHome1\olap\oes632\service\expres63.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Oracle Express Agent (xsAgent) - Unknown owner - C:\OraHome1\bin\xsaagent.exe
O23 - Service: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - C:\OraHome1\bin\osagent.exe

--
End of file - 5542 bytes

1/Affiche tout les fichiers:

Rends toi sur ce lien : [color=blue]Virus Total[/color][list]

• Clique sur Parcourir[*]Rends toi jusque sur ce fichier si tu le trouves :[/list][list]

C:\PMSSAARI_2008_05.zip[/list][list]

• Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.[*]Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page. [*]Lorsque l'analyse est terminée ("Situation actuelle: terminé" ), clique sur Formaté[*]Une nouvelle fenêtre de ton navigateur va apparaître puis post le resultat.

Fait la même chose avec ces fichiers/dossiers:

C:\Program Files\R2win.zip
C:\Program Files\Sap111Setup.exe
C:\WINDOWS\system32\iadnintk.ini

Poste également le résultat pour chacun d'entre eux.

@+

Re,

C'était au cas ou

@+

VirusTotal m'indique :
"Envoi de fichier
Ne fermez pas la fenêtre avant envoi complet.
Le temps nécessaire dépendra de la taille du fichier, de la charge du réseau et de la vitesse de votre connexion."
Je dois attendre c'est ca ?

1) Fichier iadnintk.ini reçu le 2008.07.16 07:32:16 (CET)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.16.0 2008.07.16 -
AntiVir 7.8.0.68 2008.07.15 -
Authentium 5.1.0.4 2008.07.15 -
Avast 4.8.1195.0 2008.07.15 -
AVG 7.5.0.516 2008.07.15 -
BitDefender 7.2 2008.07.16 -
CAT-QuickHeal 9.50 2008.07.15 -
ClamAV 0.93.1 2008.07.16 -
DrWeb 4.44.0.09170 2008.07.15 -
eSafe 7.0.17.0 2008.07.15 -
eTrust-Vet 31.6.5958 2008.07.16 -
Ewido 4.0 2008.07.15 -
F-Prot 4.4.4.56 2008.07.15 -
F-Secure 7.60.13501.0 2008.07.16 -
Fortinet 3.14.0.0 2008.07.16 -
GData 2.0.7306.1023 2008.07.16 -
Ikarus T3.1.1.26.0 2008.07.16 -
Kaspersky 7.0.0.125 2008.07.16 -
McAfee 5339 2008.07.15 -
Microsoft 1.3704 2008.07.15 -
NOD32v2 3270 2008.07.15 -
Norman 5.80.02 2008.07.15 -
Panda 9.0.0.4 2008.07.15 -
Prevx1 V2 2008.07.16 -
Rising 20.53.20.00 2008.07.16 -
Sophos 4.31.0 2008.07.16 -
Sunbelt 3.1.1536.1 2008.07.15 -
Symantec 10 2008.07.16 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.16 -
VBA32 3.12.8.0 2008.07.15 -
VirusBuster 4.5.11.0 2008.07.15 -
Webwasher-Gateway 6.6.2 2008.07.16 -
Information additionnelle
File size: 414 bytes
MD5...: f3fa622e3d602e0dbc2bef33bf3644e7
SHA1..: 7ae46d66ccf3803e6c66acfbf1fecf121c06c007
SHA256: 5b944705193207b8dfdbb605098eca204910c831f7c81f9403c9a4201d1c688c
SHA512: 18f4fa690b50e87b5eb0d8917a828ef1ad9aab1d723605f831a0565122a9918b<br>234613ee84903e71cb09ae025c304ed7673f2acb10a070373e294210a93893c7
PEiD..: -
PEInfo: -

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.16.0 2008.07.16 -
AntiVir 7.8.0.68 2008.07.15 -
Authentium 5.1.0.4 2008.07.15 -
Avast 4.8.1195.0 2008.07.15 -
AVG 7.5.0.516 2008.07.15 -
BitDefender 7.2 2008.07.16 -
CAT-QuickHeal 9.50 2008.07.15 -
ClamAV 0.93.1 2008.07.16 -
DrWeb 4.44.0.09170 2008.07.15 -
eSafe 7.0.17.0 2008.07.15 -
eTrust-Vet 31.6.5958 2008.07.16 -
Ewido 4.0 2008.07.15 -
F-Prot 4.4.4.56 2008.07.15 -
F-Secure 7.60.13501.0 2008.07.16 -
Fortinet 3.14.0.0 2008.07.16 -
GData 2.0.7306.1023 2008.07.16 -
Ikarus T3.1.1.26.0 2008.07.16 -
Kaspersky 7.0.0.125 2008.07.16 -
McAfee 5339 2008.07.15 -
Microsoft 1.3704 2008.07.15 -
NOD32v2 3270 2008.07.15 -
Norman 5.80.02 2008.07.15 -
Panda 9.0.0.4 2008.07.15 -
Prevx1 V2 2008.07.16 -
Rising 20.53.20.00 2008.07.16 -
Sophos 4.31.0 2008.07.16 -
Sunbelt 3.1.1536.1 2008.07.15 -
Symantec 10 2008.07.16 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.16 -
VBA32 3.12.8.0 2008.07.15 -
VirusBuster 4.5.11.0 2008.07.15 -
Webwasher-Gateway 6.6.2 2008.07.16 -

Information additionnelle
File size: 414 bytes
MD5...: f3fa622e3d602e0dbc2bef33bf3644e7
SHA1..: 7ae46d66ccf3803e6c66acfbf1fecf121c06c007
SHA256: 5b944705193207b8dfdbb605098eca204910c831f7c81f9403c9a4201d1c688c
SHA512: 18f4fa690b50e87b5eb0d8917a828ef1ad9aab1d723605f831a0565122a9918b<br>234613ee84903e71cb09ae025c304ed7673f2acb10a070373e294210a93893c7
PEiD..: -
PEInfo: -

Bonjour,

Ils sont inconnu des moteurs de recherches.

1/ Ouvre le Bloc-notes ( Menu Démarrer\Tous les programmes\Accessoires\Bloc-notes)

2/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

-Enregistre ce fichier dans: Bureau
-Nom du fichier : CFScript
-Type du fichier : tous les fichiers
-clique sur Enregistrer
-quitte le Bloc Notes

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

[list]

• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
• Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

[/list]

Poste également un nouveau rapport HijackThis.

Ils sont liés aux programmes que j'utilise : je sais à quoi ils correspondent.

[2 RAPPORTS]

1) Rapport ComboFix après CFScript :

ComboFix 08-07-14.2 - France 2008-07-17 7:31:54.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.258 [GMT 2:00]
Endroit: (...)
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\cbalmpet.dll
C:\WINDOWS\SYSTEM32\eponfgsq.dll
C:\WINDOWS\SYSTEM32\hpbsidwn.dll
C:\WINDOWS\system32\hpbsidwn.dll
C:\WINDOWS\SYSTEM32\ktnindai.dll
C:\WINDOWS\system32\ktnindai.dll
C:\WINDOWS\SYSTEM32\oapiuusj.dll
C:\WINDOWS\SYSTEM32\shjvkr.dll
C:\WINDOWS\SYSTEM32\ysgagcbv.dll
C:\WINDOWS\SYSTEM32\zjxnsx.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\cbalmpet.dll
C:\WINDOWS\SYSTEM32\eponfgsq.dll
C:\WINDOWS\SYSTEM32\hpbsidwn.dll
C:\WINDOWS\system32\iadnintk.ini
C:\WINDOWS\system32\ktnindai.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\oapiuusj.dll
C:\WINDOWS\SYSTEM32\shjvkr.dll
C:\WINDOWS\SYSTEM32\ysgagcbv.dll
C:\WINDOWS\SYSTEM32\zjxnsx.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
.

2008-07-16 13:58 . 2008-07-16 13:58 <REP> d-------- C:\WINDOWS\LastGood
2008-07-16 13:57 . 2008-07-16 13:58 <REP> d-------- C:\Program Files\MSN Messenger
2008-07-16 10:11 . 2008-07-16 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2008-07-15 14:18 . 2008-07-15 14:18 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-07-15 09:18 . 2008-07-15 09:18 207 --a------ C:\WINDOWS\wininit.ini
2008-07-15 08:27 . 2008-07-15 08:27 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2008-06-30 10:05 . 2008-06-30 10:06 71,852,872 --a------ C:\PMSSAARI_2008_05.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 08:14 --------- d-----w C:\Program Files\Ontrack
2008-07-16 06:57 --------- d-----w C:\Program Files\Windows Live
2008-07-16 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 06:42 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-07-16 06:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-16 06:31 --------- d-----w C:\Documents and Settings\France\Application Data\ESTsoft
2008-07-16 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-06-30 08:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-30 08:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 12:09 --------- d-----w C:\Documents and Settings\Giros\Application Data\ntr
2008-06-13 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 11:31 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 10:15 --------- d-----w C:\Documents and Settings\France\Application Data\Malwarebytes
2008-06-12 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 06:03 --------- d-----w C:\Documents and Settings\France\Application Data\OpenOffice.org2
2008-06-12 05:29 --------- d-----w C:\Program Files\Avast4
2008-06-11 08:29 1,579,608 --sh--w C:\WINDOWS\SYSTEM32\bicfdiwu.tmp
2008-06-11 08:13 2,864 ----a-w C:\WINDOWS\SYSTEM32\WINSOCK.DLL
2008-06-11 08:13 2,864 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\winsock.dll
2008-06-10 07:09 1,583,937 --sh--w C:\WINDOWS\SYSTEM32\baflwxdg.tmp
2008-06-06 12:18 --------- d-----w C:\Documents and Settings\France\Application Data\SUPERAntiSpyware.com
2008-05-30 11:27 --------- d-----w C:\Documents and Settings\France\Application Data\Inkscape
2008-05-30 11:20 --------- d-----w C:\Documents and Settings\France\Application Data\gtk-2.0
2008-05-30 11:16 --------- d-----w C:\Program Files\gg
2007-10-25 08:59 108,768 ----a-w C:\Documents and Settings\France\Application Data\GDIPFONTCACHEV1.DAT
2006-12-01 09:50 100,168 ----a-w C:\Documents and Settings\Giros\Application Data\GDIPFONTCACHEV1.DAT
2006-06-12 07:07 71,128 ----a-w C:\Documents and Settings\Laure\Application Data\GDIPFONTCACHEV1.DAT
2005-09-12 19:38 25,251,455 ----a-w C:\Program Files\RUU_v1.1_OrangeFR_v3.66.2.238_ship.exe
2003-12-03 08:43 1,418,120 ----a-w C:\Program Files\j2re-1_4_2_02-windows-i586-p-iftw.exe
2003-11-05 11:28 6,086,967 ----a-w C:\Program Files\R2win.zip
2000-05-25 20:51 228,759 ----a-w C:\Program Files\Sap111Setup.exe
1998-10-15 02:20 12,124 ----a-w C:\Program Files\internet.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\SYSTEM32\fr-fr ----

2007-09-26 18:32 6656 --------- C:\WINDOWS\SYSTEM32\fr-fr\WinFXDocObj.exe.mui
2007-09-26 18:32 61440 --------- C:\WINDOWS\SYSTEM32\fr-fr\wininet.dll.mui
2007-09-26 18:32 57344 --------- C:\WINDOWS\SYSTEM32\fr-fr\msrating.dll.mui
2007-09-26 18:32 57344 --------- C:\WINDOWS\SYSTEM32\fr-fr\mshtmler.dll.mui
2007-09-26 18:32 49152 --------- C:\WINDOWS\SYSTEM32\fr-fr\webcheck.dll.mui
2007-09-26 18:32 40960 --------- C:\WINDOWS\SYSTEM32\fr-fr\urlmon.dll.mui
2007-09-26 18:32 3584 --------- C:\WINDOWS\SYSTEM32\fr-fr\mshtmled.dll.mui
2007-09-26 18:32 20480 --------- C:\WINDOWS\SYSTEM32\fr-fr\occache.dll.mui
2007-09-26 18:31 81920 --------- C:\WINDOWS\SYSTEM32\fr-fr\iedkcs32.dll.mui
2007-09-26 18:31 8192 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieakeng.dll.mui
2007-09-26 18:31 7168 --------- C:\WINDOWS\SYSTEM32\fr-fr\iesetup.dll.mui
2007-09-26 18:31 5632 --------- C:\WINDOWS\SYSTEM32\fr-fr\iernonce.dll.mui
2007-09-26 18:31 49152 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieaksie.dll.mui
2007-09-26 18:31 4608 --------- C:\WINDOWS\SYSTEM32\fr-fr\iepeers.dll.mui
2007-09-26 18:31 4096 --------- C:\WINDOWS\SYSTEM32\fr-fr\licmgr10.dll.mui
2007-09-26 18:31 4096 --------- C:\WINDOWS\SYSTEM32\fr-fr\ie4uinit.exe.mui
2007-09-26 18:31 3584 --------- C:\WINDOWS\SYSTEM32\fr-fr\inseng.dll.mui
2007-09-26 18:31 2560 --------- C:\WINDOWS\SYSTEM32\fr-fr\mshta.exe.mui
2007-09-26 18:31 2560 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieunatt.exe.mui
2007-09-26 18:31 159744 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieakui.dll.mui
2007-09-26 18:31 12288 --------- C:\WINDOWS\SYSTEM32\fr-fr\mshtml.dll.mui
2007-09-26 18:31 118784 --------- C:\WINDOWS\SYSTEM32\fr-fr\inetcpl.cpl.mui
2007-09-26 18:31 1048576 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieframe.dll.mui
2007-09-26 18:30 9728 --------- C:\WINDOWS\SYSTEM32\fr-fr\extmgr.dll.mui
2007-09-26 18:30 8704 --------- C:\WINDOWS\SYSTEM32\fr-fr\icardie.dll.mui
2007-09-26 18:30 3584 --------- C:\WINDOWS\SYSTEM32\fr-fr\admparse.dll.mui
2007-09-26 18:30 12288 --------- C:\WINDOWS\SYSTEM32\fr-fr\html.iec.mui
2007-08-13 18:36 2560 --------- C:\WINDOWS\SYSTEM32\fr-fr\msfeedsbs.dll.mui
2007-08-13 18:11 3584 --------- C:\WINDOWS\SYSTEM32\fr-fr\ieui.dll.mui


((((((((((((((((((((((((((((( snapshot@2008-07-15_14.16.02.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-16 11:58:43 29,926 ----a-r C:\WINDOWS\Installer\{626C0733-8A5C-49EB-BB7C-7008C85BDBB9}\MsblIco.Exe
- 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\SYSTEM32\sirenacm.dll
+ 2006-10-24 08:17:10 48,424 ----a-w C:\WINDOWS\SYSTEM32\sirenacm.dll
- 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZF"="C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe" [2004-07-25 08:27 310784]
"BioManager"="C:\Program Files\Sony\FingerprintMV\FPManager.exe" [2004-07-25 08:27 271872]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-20 01:09 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\^.recently-used.xbel]
path=\.recently-used.xbel
backup=C:\WINDOWS\pss\.recently-used.xbelCommon Startup

[HKLM\~\startupfolder\^dot4]
path=\dot4
backup=C:\WINDOWS\pss\dot4Common Startup

[HKLM\~\startupfolder\^gsview32.ini]
path=\gsview32.ini
backup=C:\WINDOWS\pss\gsview32.iniCommon Startup

[HKLM\~\startupfolder\^intlname.ols]
path=\intlname.ols
backup=C:\WINDOWS\pss\intlname.olsCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^NTUSER.INI]
path=\NTUSER.INI
backup=C:\WINDOWS\pss\NTUSER.INICommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG -off [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-09-04 17:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
--a------ 2001-09-23 09:14 163840 C:\WINDOWS\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FD_SAP]
--a------ 2004-07-25 08:31 196608 C:\WINDOWS\SYSTEM32\DRIVERS\SAP\FD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-10-24 10:18 5646632 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowIcon_Linpo_USB Product Driver v2.05r010]
--a------ 2003-12-11 18:54 73728 C:\Program Files\USB Product Driver v2.05r010\shwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MPS9"=2 (0x2)
"mcusrmgr"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McProxy"=2 (0x2)
"McLogManagerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Documents and Settings\\Giros\\Bureau\\inquiero.exe"=
"C:\\OraHome1\\olap\\pex632\\service\\pexpress.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"<NO NAME>"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LPM01P1
"6346:UDP"= 6346:UDP:LPMO012

R1 FD;FD;C:\WINDOWS\system32\drivers\FD.sys [2004-07-25 08:31]
R1 FG;FG;C:\WINDOWS\SYSTEM32\Drivers\FG.SYS [2008-03-18 09:42]
R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 15:41]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 20:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 13:22]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\WINDOWS\system32\Drivers\FLMckUSB.sys [2003-07-25 06:39]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 17:18]
S3 ExpSrv632;Oracle Express Server 6.3.2.0.0;C:\OraHome1\olap\oes632\service\expres63.exe [2000-07-24 19:41]
S3 xsAgent;Oracle Express Agent;C:\OraHome1\bin\xsaagent.exe [2000-08-11 17:28]
S3 xsSmartAgent;Visibroker Smart Agent;C:\OraHome1\bin\osagent.exe [1999-07-30 15:31]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 23:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msnmsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe
MSConfigStartUp-PLFFAP - C:\WINDOWS\System32\HotFixQ0306270.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Documents and Settings\France\Mes documents\Persos\Antivirus\Spybot - Search & Destroy\TeaTimer.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 07:33:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-17 7:36:38
ComboFix-quarantined-files.txt 2008-07-17 05:36:25
ComboFix2.txt 2008-07-15 12:18:01

Pre-Run: 1,879,269,376 octets libres
Post-Run: 1,865,580,544 octets libres

243 --- E O F --- 2008-05-17 01:04:04

2) Rapport HijackThis après CFScript :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:59:13, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe
C:\Program Files\Sony\FingerprintMV\FPManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Sony\FingerprintMV\fphide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\France\Bureau\20080715\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries [...] efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZF] C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe X X
O4 - HKLM\..\Run: [BioManager] C:\Program Files\Sony\FingerprintMV\FPManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} - https://certification.hsbc.fr/vscnfchk.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new [...] Signed.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/ [...] cgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Oracle Express Server 6.3.2.0.0 (ExpSrv632) - Oracle Corporation - C:\OraHome1\olap\oes632\service\expres63.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Oracle Express Agent (xsAgent) - Unknown owner - C:\OraHome1\bin\xsaagent.exe
O23 - Service: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - C:\OraHome1\bin\osagent.exe

--
End of file - 4800 bytes

Je sais J'en avais installés.

C'est un PC professionnel et quand un de mes supérieurs est venu sur mon PC, il m'a tout enlevé car il jugeait que ces programmes n'avaient rien à faire sur mon PC...
Il a tout supprimé...

[1 RAPPORT]

ComboFix 08-07-14.2 - France 2008-07-17 13:27:16.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.75 [GMT 2:00]
Endroit: C:\Documents and Settings\France\Bureau\20080715\ComboFix.exe
Command switches used :: C:\Documents and Settings\France\Bureau\20080715\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\SYSTEM32\baflwxdg.tmp
C:\WINDOWS\SYSTEM32\bicfdiwu.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\baflwxdg.tmp
C:\WINDOWS\SYSTEM32\bicfdiwu.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
.

2008-07-17 07:59 . 2008-07-17 07:59 <REP> d-------- C:\WINDOWS\LastGood
2008-07-16 13:57 . 2008-07-16 13:58 <REP> d-------- C:\Program Files\MSN Messenger
2008-07-16 10:11 . 2008-07-16 10:12 <REP> d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2008-07-15 14:18 . 2008-07-15 14:18 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-07-15 09:18 . 2008-07-15 09:18 207 --a------ C:\WINDOWS\wininit.ini
2008-07-15 08:27 . 2008-07-15 08:27 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2008-06-30 10:05 . 2008-06-30 10:06 71,852,872 --a------ C:\PMSSAARI_2008_05.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 08:14 --------- d-----w C:\Program Files\Ontrack
2008-07-16 06:57 --------- d-----w C:\Program Files\Windows Live
2008-07-16 06:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 06:42 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-07-16 06:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-16 06:31 --------- d-----w C:\Documents and Settings\France\Application Data\ESTsoft
2008-07-16 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-06-30 08:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-30 08:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 12:09 --------- d-----w C:\Documents and Settings\Giros\Application Data\ntr
2008-06-13 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 11:31 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 10:15 --------- d-----w C:\Documents and Settings\France\Application Data\Malwarebytes
2008-06-12 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 06:03 --------- d-----w C:\Documents and Settings\France\Application Data\OpenOffice.org2
2008-06-12 05:29 --------- d-----w C:\Program Files\Avast4
2008-06-11 08:13 2,864 ----a-w C:\WINDOWS\SYSTEM32\WINSOCK.DLL
2008-06-11 08:13 2,864 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\winsock.dll
2008-06-06 12:18 --------- d-----w C:\Documents and Settings\France\Application Data\SUPERAntiSpyware.com
2008-05-30 11:27 --------- d-----w C:\Documents and Settings\France\Application Data\Inkscape
2008-05-30 11:20 --------- d-----w C:\Documents and Settings\France\Application Data\gtk-2.0
2008-05-30 11:16 --------- d-----w C:\Program Files\gg
2007-10-25 08:59 108,768 ----a-w C:\Documents and Settings\France\Application Data\GDIPFONTCACHEV1.DAT
2006-12-01 09:50 100,168 ----a-w C:\Documents and Settings\Giros\Application Data\GDIPFONTCACHEV1.DAT
2006-06-12 07:07 71,128 ----a-w C:\Documents and Settings\Laure\Application Data\GDIPFONTCACHEV1.DAT
2005-09-12 19:38 25,251,455 ----a-w C:\Program Files\RUU_v1.1_OrangeFR_v3.66.2.238_ship.exe
2003-12-03 08:43 1,418,120 ----a-w C:\Program Files\j2re-1_4_2_02-windows-i586-p-iftw.exe
2003-11-05 11:28 6,086,967 ----a-w C:\Program Files\R2win.zip
2000-05-25 20:51 228,759 ----a-w C:\Program Files\Sap111Setup.exe
1998-10-15 02:20 12,124 ----a-w C:\Program Files\internet.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-15_14.16.02.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-16 11:58:43 29,926 ----a-r C:\WINDOWS\Installer\{626C0733-8A5C-49EB-BB7C-7008C85BDBB9}\MsblIco.Exe
- 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\SYSTEM32\sirenacm.dll
+ 2006-10-24 08:17:10 48,424 ----a-w C:\WINDOWS\SYSTEM32\sirenacm.dll
- 2008-07-15 12:09:48 102,400 ----a-w C:\WINDOWS\Temp\PlfinPK.dll
+ 2008-07-17 05:56:16 102,400 ----a-w C:\WINDOWS\TEMP\PlfinPK.dll
- 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 12:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
- 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 12:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 12:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZF"="C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe" [2004-07-25 08:27 310784]
"BioManager"="C:\Program Files\Sony\FingerprintMV\FPManager.exe" [2004-07-25 08:27 271872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\^.recently-used.xbel]
path=\.recently-used.xbel
backup=C:\WINDOWS\pss\.recently-used.xbelCommon Startup

[HKLM\~\startupfolder\^dot4]
path=\dot4
backup=C:\WINDOWS\pss\dot4Common Startup

[HKLM\~\startupfolder\^gsview32.ini]
path=\gsview32.ini
backup=C:\WINDOWS\pss\gsview32.iniCommon Startup

[HKLM\~\startupfolder\^intlname.ols]
path=\intlname.ols
backup=C:\WINDOWS\pss\intlname.olsCommon Startup

[HKLM\~\startupfolder\^NTUSER.DAT]
path=\NTUSER.DAT
backup=C:\WINDOWS\pss\NTUSER.DATCommon Startup

[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=C:\WINDOWS\pss\ntuser.dat.LOGCommon Startup

[HKLM\~\startupfolder\^NTUSER.INI]
path=\NTUSER.INI
backup=C:\WINDOWS\pss\NTUSER.INICommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
TCAUDIAG -off [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2001-09-04 17:31 655360 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
--a------ 2001-09-23 09:14 163840 C:\WINDOWS\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FD_SAP]
--a------ 2004-07-25 08:31 196608 C:\WINDOWS\SYSTEM32\DRIVERS\SAP\FD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-10-24 10:18 5646632 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowIcon_Linpo_USB Product Driver v2.05r010]
--a------ 2003-12-11 18:54 73728 C:\Program Files\USB Product Driver v2.05r010\shwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MPS9"=2 (0x2)
"mcusrmgr"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McProxy"=2 (0x2)
"McLogManagerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Documents and Settings\\Giros\\Bureau\\inquiero.exe"=
"C:\\OraHome1\\olap\\pex632\\service\\pexpress.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"<NO NAME>"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LPM01P1
"6346:UDP"= 6346:UDP:LPMO012

R1 FD;FD;C:\WINDOWS\system32\drivers\FD.sys [2004-07-25 08:31]
R1 FG;FG;C:\WINDOWS\SYSTEM32\Drivers\FG.SYS [2008-03-18 09:42]
R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 15:41]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 20:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 13:22]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\WINDOWS\system32\Drivers\FLMckUSB.sys [2003-07-25 06:39]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 17:18]
S3 ExpSrv632;Oracle Express Server 6.3.2.0.0;C:\OraHome1\olap\oes632\service\expres63.exe [2000-07-24 19:41]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 23:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 13:31:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-07-17 13:36:53
ComboFix-quarantined-files.txt 2008-07-17 11:35:47
ComboFix2.txt 2008-07-17 05:36:39
ComboFix3.txt 2008-07-15 12:18:01

Pre-Run: 1,708,634,112 octets libres
Post-Run: 1,694,679,040 octets libres

181 --- E O F --- 2008-05-17 01:04:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:45, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe
C:\Program Files\Sony\FingerprintMV\FPManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Sony\FingerprintMV\fphide.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\France\Mes documents\Persos\Firefox\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\France\LOCALS~1\Temp\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries [...] efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZF] C:\Program Files\Sony\FingerprintMV\BioSecure\ZF.exe X X
O4 - HKLM\..\Run: [BioManager] C:\Program Files\Sony\FingerprintMV\FPManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} - https://certification.hsbc.fr/vscnfchk.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - http://www.hp.com/cpso-support-new [...] Signed.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/ [...] cgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Oracle Express Server 6.3.2.0.0 (ExpSrv632) - Oracle Corporation - C:\OraHome1\olap\oes632\service\expres63.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Oracle Express Agent (xsAgent) - Unknown owner - C:\OraHome1\bin\xsaagent.exe
O23 - Service: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - C:\OraHome1\bin\osagent.exe

--
End of file - 4997 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT Monday, July 21, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 18, 2008 08:43:16
Records in database: 967880
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
Z:\

Scan statistics:
Files scanned: 111555
Threat name: 18
Infected objects: 80
Suspicious objects: 0
Duration of the scan: 08:31:11


File name / Threat name / Threats count
C:\ALLSHARE Pierre\ALLSHARE Pierre.zip Infected: Virus.MSWord.Ethan 8
C:\ALLSHARE Pierre\MES DOCUMENT\Microsoft\Mail\Outlook Express\Hays.dbx Infected: Virus.MSWord.Ethan 2
C:\ALLSHARE Pierre\MES DOCUMENT\Microsoft\Mail\Outlook Express\PEE.dbx Infected: Virus.MSWord.Ethan 1
C:\ALLSHARE Pierre\MES DOCUMENT\Microsoft\Mail\Outlook Express\Unibéton.dbx Infected: Virus.MSWord.Ethan 1
C:\ALLSHARE Pierre\MES DOCUMENT\Microsoft\Mail\Outlook Express\Waterman.dbx Infected: Virus.MSWord.Ethan 4
C:\Documents and Settings\France\Mes documents\Divers\DL\Set\Setup.exe Infected: not-a-virus:AdTool.Win32.Zango.s 1
C:\Documents and Settings\France\Mes documents\Persos\Analyse Antivirus.zip Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\France\Mes documents\Persos\Analyse Antivirus.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.ymn 1
C:\Documents and Settings\France\Mes documents\Persos\Analyse Antivirus.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.ymm 1
C:\Documents and Settings\Giros\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Virus.MSWord.Ethan 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bjftlofx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aama 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cizsle.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\crxztu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqg 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cwklhmdo.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dfbltbju.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\etbmra.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hzhpfg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iacyhwml.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\icjmdudl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqm 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lhbsgn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mqicaujn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqg 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ncsafhem.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ngfwfpfb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bql 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nlmurgno.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\octjtr.dll.vir Infected: Trojan.Win32.Agent.udn 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pnqocwtl.dll.vir Infected: Trojan.Win32.Monder.ajn 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rcyccihe.dll.vir Infected: Trojan.Win32.Agent.udn 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tcslfbab.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uztnrj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vdfdedwi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yyr 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vqcwdist.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqj 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xfucyryp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.yyr 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xltiwmmc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqm 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ypxzbr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ywoojjrh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bql 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP49\A0009758.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP49\A0009772.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ymn 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP49\A0009778.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ymm 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP49\A0010693.dll Infected: Trojan.Win32.Monder.ajn 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP58\A0011957.dll Infected: Trojan.Win32.Agent.rwi 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012030.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aama 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012033.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012034.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqg 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012035.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012036.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012039.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012045.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012046.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012047.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqm 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012050.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012052.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqg 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012053.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012054.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bql 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012055.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqf 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012056.dll Infected: Trojan.Win32.Agent.udn 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012059.dll Infected: Trojan.Win32.Monder.ajn 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012064.dll Infected: Trojan.Win32.Agent.udn 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012068.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012070.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012071.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yyr 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012072.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqj 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yyr 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012075.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqm 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012079.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqi 1
C:\System Volume Information\_restore{E76E0855-6E35-4275-83F4-FA20D9EFDF4F}\RP59\A0012081.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bql 1
Z:\Software\utilitaires\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

The selected area was scanned.

Euh là tu me demandes de supprimer des dossiers importants pour moi ....
C'est normal ??

J'en ai besoin ! Pas possible de les désinfecter ?

Il me faut garder :
ALLSHARE Pierre.zip
Outlook.pst
Hays.dbx
PEE.dbx
Unibéton.dbx
Waterman.dbx

Et :
Analyse Antivirus.zip est le fichier dans lequel j'ai sauvegardé les rapport de nos analyses ... Des virus dedans ?

Mon PC va désormais correctement sur Internet, les pubs semblent avoir disparues ...
Les logiciels qui buggaient ne bugguent plus ...

Ca à l'air correct...

Je fais l'activation / désactivation de la restauration ...

OK.
Quel malware m'a donc infecté en conclusion ?