
Pop-up virus / slow internet (impossible to reach Google)

26 June 2008 21:07:02

Hello, so I recently tried to install a no-CD crack and I caught a virus that gives me annoying pop-ups and, above all, makes my internet SLOW, even to the point where it's impossible to do a Google search.
With a friend who works in IT we have already solved 2 problems, but one remains :S

So I'm going to post my HijackThis report, hoping to find some help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Applications\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ssqOhIAT.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {59b9203d-271d-c158-3804-59548cd340d9} - {9d043dc8-4595-4083-851c-d172d3029b95} - C:\WINDOWS\system32\owuwfude.dll
O2 - BHO: (no name) - {E5F8DA84-78C8-440E-A9E4-50E61B120200} - C:\WINDOWS\system32\tuvUNdDu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - Winlogon Notify: ssqOhIAT - C:\WINDOWS\SYSTEM32\ssqOhIAT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6765 bytes


There you go, thanks in advance.


26 June 2008 21:47:59

Good evening

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    26 June 2008 22:47:14

    Good evening.
    Thanks a lot.
    So I did as instructed, but the scan takes an enormous amount of time, so I'll rerun it tonight before going to sleep :) 
    It has already found this:

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 894

    22:43:35 26/06/2008
    mbam-log-6-26-2008 (22-43-35).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
    Eléments examinés: 48122
    Temps écoulé: 43 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b9b3fe9-7832-4edb-876d-c3c935db4589} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3b9b3fe9-7832-4edb-876d-c3c935db4589} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqohiat (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvunddu -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvunddu -> Delete on reboot.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\mvsjkcyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byckjsvm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\uDdNUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uDdNUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvUNdDu.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Delete on reboot.

    In any case, thanks a lot for your help.
    26 June 2008 22:49:30

    re
    Quote:
    So I did as instructed, but the scan takes an enormous amount of time, so I'll rerun it tonight before going to sleep

    You didn't wait for the scan to finish?

    Please run it all the way through.
    26 June 2008 22:54:23

    Yeah, I'll do it, but I'll post the logs tomorrow morning because in 45 minutes it scanned half of my C drive and there's still A LOT left to scan :) 
    Thanks again.
    27 June 2008 08:50:22

    Hello.
    Here you go, scan finished:


    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 894

    08:46:14 27/06/2008
    mbam-log-6-27-2008 (08-46-14).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
    Eléments examinés: 193775
    Temps écoulé: 5 hour(s), 39 minute(s), 50 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73f59a61-aff7-42f9-a95d-8e724f825259} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{73f59a61-aff7-42f9-a95d-8e724f825259} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqohiat (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50a5834f (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM5396b0d3 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\rtixkvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uuvkxitr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\uDdNUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uDdNUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Delete on reboot.
    C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP38\A0004290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP39\A0005290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP39\A0005369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP40\A0005584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP40\A0005798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    E:\Mes Documents\Jeux Vidéos\PC\Battlefield 2\Battlefield.2\vtl-bf2k.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nusbjbbh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

    Unfortunately it still hasn't changed anything :( 
    I feel like I'm headed for another format (I already did one 4 days ago... >.>).
    27 June 2008 19:16:52

    Hello

    No, no formatting :) 

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    Add a new HijackThis report.
    27 June 2008 20:50:08

    Re.
    So I've apparently solved my problem by using Vundofix and Virtumondebegone, plus deleting registry keys in safe mode with System Restore disabled.
    Thanks a lot for your help in any case, and if I have the problem again I won't hesitate to come back ;) 
    And if people need info, just ask :) 
    27 June 2008 22:28:10

    re
    I'm waiting for your report :) 

    27 June 2008 23:12:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:10:03, on 27/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\RivaTuner v2.06\RivaTuner.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\FRAPS\FRAPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
    C:\Program Files\Belkin\Nostromo\nost_LM.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    G:\Applications\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {2369AF1D-C2C5-475E-B537-B8FA07099120} - C:\WINDOWS\system32\tuvUNdDu.dll (file missing)
    O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
    O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6337 bytes


    :) 
    27 June 2008 23:16:33

    re
    Well, some of it is still left... :D 
    Quote:
    O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll


    I'm waiting for your report:
    C:\Combofix.txt
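
Added example, not part of the original thread: a Python script that cross-references the HijackThis O2/O20 autostart lines with the files Malwarebytes flagged, run on lines excerpted from the logs posted above. The "review" rule (an unnamed or GUID-named BHO whose DLL sits directly in system32) is an assumption drawn from the entries MBAM labelled Trojan.Vundo in this thread, and all function names are hypothetical.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines excerpted from the first HijackThis log in this thread.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ssqOhIAT.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {59b9203d-271d-c158-3804-59548cd340d9} - {9d043dc8-4595-4083-851c-d172d3029b95} - C:\WINDOWS\system32\owuwfude.dll
O2 - BHO: (no name) - {E5F8DA84-78C8-440E-A9E4-50E61B120200} - C:\WINDOWS\system32\tuvUNdDu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: ssqOhIAT - C:\WINDOWS\SYSTEM32\ssqOhIAT.dll
"""

# Lines excerpted from the second HijackThis log (after the cleanup attempts).
HJT_AFTER = r"""
O2 - BHO: (no name) - {2369AF1D-C2C5-475E-B537-B8FA07099120} - C:\WINDOWS\system32\tuvUNdDu.dll (file missing)
O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

# Lines excerpted from the first Malwarebytes log in this thread.
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mvsjkcyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Delete on reboot.
"""

SYSTEM32 = r"c:\windows\system32"
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(
    rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# Only file detections (drive-letter paths); registry lines start with HKEY_.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[A-Za-z.]+)\) -> .+$")


def parse_autoruns(hjt_text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a HijackThis log."""
    entries = []
    for line in hjt_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if m:
                groups = m.groupdict()
                entries.append({
                    "section": section,
                    "name": groups["name"],
                    "path": groups["path"].lower(),  # Windows paths are case-insensitive
                    "missing": bool(groups.get("missing")),
                })
                break
    return entries


def mbam_flagged_files(mbam_text):
    """Map lower-cased file path -> detection label from a Malwarebytes log."""
    flagged = {}
    for line in mbam_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            flagged[m["path"].lower()] = m["label"]
    return flagged


def classify(entry, flagged):
    if entry["missing"]:
        return "orphaned"          # registry entry left behind, DLL already gone
    if entry["path"] in flagged:
        return "detected"          # autostart entry loads a file MBAM flagged
    # Assumed heuristic: BHO with no readable name, DLL directly in system32.
    anonymous = entry["name"] == "(no name)" or bool(re.fullmatch(GUID, entry["name"]))
    if entry["section"] == "O2" and anonymous and dirname(entry["path"]) == SYSTEM32:
        return "review"
    return "ok"


def triage(hjt_text, mbam_text):
    flagged = mbam_flagged_files(mbam_text)
    return [(e["section"], basename(e["path"]), classify(e, flagged))
            for e in parse_autoruns(hjt_text)]


if __name__ == "__main__":
    for title, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        print(title)
        for section, dll, verdict in triage(log, MBAM_LOG):
            print(f"  {section:<3} {dll:<14} {verdict}")
```

On the second log, the only entry left in "review" is the `tsyhaawx.dll` BHO quoted in the reply above, and `tuvUNdDu.dll` shows up as an orphaned registry entry.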

    27 June 2008 23:25:23

    ComboFix 08-06-20.4 - Shuu 2008-06-27 23:17:48.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1279 [GMT 2:00]
    Endroit: G:\Applications\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM5396b0d3.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\enwwgltv.ini
    C:\WINDOWS\system32\irexpqed.ini
    C:\WINDOWS\system32\uDdNUvut.ini
    C:\WINDOWS\system32\uDdNUvut.ini2
    C:\WINDOWS\system32\vhihuvoc.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-27 11:55 . 2008-06-27 11:55 <REP> d-------- C:\Program Files\Marsu-Fix
    2008-06-27 10:45 . 2008-06-27 10:45 <REP> d-------- C:\VundoFix Backups
    2008-06-27 10:35 . 2008-06-27 10:37 <REP> d-------- C:\Program Files\RegCure
    2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
    2008-06-27 08:59 . 2008-06-27 08:59 106,496 --a------ C:\WINDOWS\system32\tsyhaawx.dll
    2008-06-27 08:56 . 2008-06-27 08:56 1,727,338 ---hs---- C:\WINDOWS\system32\qsvjtnub.tmp
    2008-06-27 08:56 . 2008-06-27 08:56 80,896 --a------ C:\WINDOWS\system32\vtlgwwne.dll
    2008-06-27 08:53 . 2008-06-27 08:53 91,648 --a------ C:\WINDOWS\system32\xefaoyon.dll
    2008-06-27 08:52 . 2008-06-27 08:52 106,496 --a------ C:\WINDOWS\system32\lcswoifu.dll
    2008-06-27 08:52 . 2008-06-27 08:52 80,896 --------- C:\WINDOWS\system32\buntjvsq.dll
    2008-06-27 08:50 . 2008-06-27 08:50 91,648 --a------ C:\WINDOWS\system32\bnlqrhli.dll
    2008-06-26 22:49 . 2008-06-26 22:49 106,496 --a------ C:\WINDOWS\system32\mbfbflgg.dll
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-26 21:01 . 2008-06-26 21:02 <REP> d-------- C:\Program Files\Panda Security
    2008-06-26 20:18 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
    2008-06-26 20:18 . 2008-03-15 17:57 199,445 --a------ C:\Documents and Settings\Shuu\Application Data\toolbar.dll
    2008-06-26 20:18 . 2008-05-12 11:56 92,672 --------- C:\Documents and Settings\Shuu\Application Data\dr.exe
    2008-06-26 20:18 . 2008-03-15 15:24 82,937 --a------ C:\Documents and Settings\Shuu\Application Data\space1.exe
    2008-06-26 20:18 . 2008-06-26 20:18 57,344 --a------ C:\WINDOWS\system32\ssqOhIAT.dll.vir
    2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-26 18:42 . 2008-06-26 18:42 106,496 --a------ C:\WINDOWS\system32\owuwfude.dll
    2008-06-26 18:39 . 2008-06-26 18:39 91,648 --a------ C:\WINDOWS\system32\hqftkpjw.dll
    2008-06-26 17:31 . 2008-06-27 09:42 <REP> d-------- C:\Warhammer Online - Age of Reckoning
    2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
    2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
    2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
    2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
    2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
    2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
    2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-06-23 18:24 . 2008-06-27 23:01 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-23 18:23 . 2008-06-26 23:29 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
    2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
    2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
    2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
    2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
    2008-06-23 16:23 . 2008-06-27 23:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
    2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
    2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
    2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
    2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
    2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
    2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
    2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
    2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
    2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
    2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
    2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
    2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
    2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
    2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
    2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
    2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
    2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
    2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
    2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
    2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
    2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
    2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
    2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
    2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
    2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
    2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
    2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
    2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
    2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
    2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
    2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
    2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
    2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
    2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
    2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
    2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
    2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
    2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
    2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
    2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
    2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2369AF1D-C2C5-475E-B537-B8FA07099120}]
    C:\WINDOWS\system32\tuvUNdDu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69c6b6a0-9e9e-4576-a62b-7ae6377ff820}]
    2008-06-27 08:59 106496 --a------ C:\WINDOWS\system32\tsyhaawx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
    "RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8212:TCP"= 8212:TCP:BitComet 8212 TCP
    "8212:UDP"= 8212:UDP:BitComet 8212 UDP

    R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-26 06:00:00 C:\WINDOWS\Tasks\At1.job"
    - C:\Documents
    "2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\Documents
    "2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\Documents
    "2008-06-27 21:20:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-27 23:20:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
    C:\Program Files\Belkin\Nostromo\nost_LM.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-27 23:22:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-27 21:21:59

    Pre-Run: 55,831,924,736 octets libres
    Post-Run: 57,363,517,440 octets libres

    295


    There you go :)
    28 June 2008 00:12:15

    Hi again
    you should ease off the P2P
    cracks/P2P

    RegCure is a rogue:
    http://assiste.com.free.fr/p/craptheque/regcure.html



    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\tsyhaawx.dll
    C:\WINDOWS\system32\qsvjtnub.tmp
    C:\WINDOWS\system32\vtlgwwne.dll
    C:\WINDOWS\system32\xefaoyon.dll
    C:\WINDOWS\system32\lcswoifu.dll
    C:\WINDOWS\system32\buntjvsq.dll
    C:\WINDOWS\system32\bnlqrhli.dll
    C:\WINDOWS\system32\mbfbflgg.dll
    C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
    C:\Documents and Settings\Shuu\Application Data\toolbar.dll
    C:\Documents and Settings\Shuu\Application Data\dr.exe
    C:\Documents and Settings\Shuu\Application Data\space1.exe
    C:\WINDOWS\system32\ssqOhIAT.dll.vir
    C:\WINDOWS\system32\owuwfude.dll
    C:\WINDOWS\system32\hqftkpjw.dll
    C:\WINDOWS\system32\tuvUNdDu.dll
    C:\WINDOWS\system32\tsyhaawx.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At1.job


    Folder::
    C:\Program Files\Marsu-Fix
    C:\VundoFix Backups
    C:\Program Files\RegCure
    C:\WINDOWS\Marsu-Fix Uninstaller.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2369AF1D-C2C5-475E-B537-B8FA07099120}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69c6b6a0-9e9e-4576-a62b-7ae6377ff820}]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt
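
As an added illustration (not part of the thread and not ComboFix's own code), the Python below cross-checks a CFScript like the one in the post above against the autostart entries of the posted log. It reports duplicated `File::` lines, Browser Helper Object keys the script does not fully cover, scheduled tasks that share a target with a task the script deletes, and tasks left pointing into a folder the script removes; the function names, report keys and abridged excerpts are choices made for this example.

```python
import re
from collections import Counter

# Abridged excerpts of the log and of the CFScript posted in this thread.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2369AF1D-C2C5-475E-B537-B8FA07099120}]
C:\WINDOWS\system32\tuvUNdDu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69c6b6a0-9e9e-4576-a62b-7ae6377ff820}]
2008-06-27 08:59 106496 --a------ C:\WINDOWS\system32\tsyhaawx.dll

"2008-06-26 06:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-06-27 21:20:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"""

CFSCRIPT = r"""
File::
C:\WINDOWS\system32\tuvUNdDu.dll
C:\WINDOWS\system32\tsyhaawx.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At1.job

Folder::
C:\Program Files\RegCure

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2369AF1D-C2C5-475E-B537-B8FA07099120}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69c6b6a0-9e9e-4576-a62b-7ae6377ff820}]
"""

BHO_KEY = re.compile(r"^\[(.+\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$")
TASK = re.compile(r'^"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+\.job)"$')
PATH = re.compile(r"[A-Za-z]:\\.+$")


def norm(value):
    """Windows paths and registry keys compare case-insensitively."""
    return value.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections, keeping line order."""
    sections, current = {"file": [], "folder": [], "registry": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return ({BHO key: DLL path}, {task .job file: target}) from the log."""
    bhos, tasks, pending = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        key, task, path = BHO_KEY.match(line), TASK.match(line), PATH.search(line)
        if key:
            pending = (bhos, key.group(1))
        elif task:
            pending = (tasks, task.group(1))
        elif pending and path:
            store, name = pending
            store[name] = path.group(0)   # first path after the key / job line
            pending = None
        elif line.startswith("["):
            pending = None                # some other registry section begins
    return bhos, tasks


def audit(log_text, script_text):
    """Compare what the log shows autostarting with what the script removes."""
    bhos, tasks = parse_log(log_text)
    script = parse_cfscript(script_text)
    files = Counter(norm(p) for p in script["file"])
    folders = [norm(p) for p in script["folder"]]
    removed_keys = {norm(k[2:-1]) for k in script["registry"] if k.startswith("[-")}
    report = {"duplicates": sorted(p for p, n in files.items() if n > 1),
              "bho_gaps": [], "sibling_tasks": [], "dangling_tasks": []}
    for key, dll in bhos.items():
        if norm(key) not in removed_keys or norm(dll) not in files:
            report["bho_gaps"].append(key)
    removed_targets = {norm(t) for job, t in tasks.items() if norm(job) in files}
    for job, target in tasks.items():
        if norm(job) in files:
            continue
        if norm(target) in removed_targets:
            report["sibling_tasks"].append(job)
        elif any(norm(target).startswith(f + "\\") for f in folders):
            report["dangling_tasks"].append(job)
    return report


if __name__ == "__main__":
    for finding, items in audit(LOG_EXCERPT, CFSCRIPT).items():
        print(f"{finding}: {items}")
```
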

    28 June 2008 00:29:22

    Hmm, I did as you said; it simply ran another scan, but RegCure is gone, that said.
    As for P2P, apart from downloading manga and MMOs..., I don't do much with it.
    ComboFix 08-06-20.4 - Shuu 2008-06-28 0:18:38.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1412 [GMT 2:00]
    Endroit: G:\Applications\ComboFix.exe
    Command switches used :: G:\Applications\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Documents and Settings\Shuu\Application Data\dr.exe
    C:\Documents and Settings\Shuu\Application Data\space1.exe
    C:\Documents and Settings\Shuu\Application Data\toolbar.dll
    C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
    C:\WINDOWS\system32\bnlqrhli.dll
    C:\WINDOWS\system32\buntjvsq.dll
    C:\WINDOWS\system32\hqftkpjw.dll
    C:\WINDOWS\system32\lcswoifu.dll
    C:\WINDOWS\system32\mbfbflgg.dll
    C:\WINDOWS\system32\owuwfude.dll
    C:\WINDOWS\system32\qsvjtnub.tmp
    C:\WINDOWS\system32\ssqOhIAT.dll.vir
    C:\WINDOWS\system32\tsyhaawx.dll
    C:\WINDOWS\system32\tuvUNdDu.dll
    C:\WINDOWS\system32\vtlgwwne.dll
    C:\WINDOWS\system32\xefaoyon.dll
    C:\WINDOWS\Tasks\At1.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Marsu-Fix Uninstaller.exe\
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Shuu\Application Data\dr.exe
    C:\Documents and Settings\Shuu\Application Data\space1.exe
    C:\Documents and Settings\Shuu\Application Data\toolbar.dll
    C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
    C:\Program Files\Marsu-Fix
    C:\Program Files\RegCure
    C:\Program Files\RegCure\0_days.htm
    C:\Program Files\RegCure\1_days.htm
    C:\Program Files\RegCure\15_days.htm
    C:\Program Files\RegCure\2_days.htm
    C:\Program Files\RegCure\30_days.htm
    C:\Program Files\RegCure\5_days.htm
    C:\Program Files\RegCure\Animated-Bar.gif
    C:\Program Files\RegCure\AutoUpdate.dll
    C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47.bak
    C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47.reg
    C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Mass Effect.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Tutorial.lnk
    C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Visit the GrabIt website.lnk
    C:\Program Files\RegCure\buttonfill.jpg
    C:\Program Files\RegCure\buttonfill_expire.jpg
    C:\Program Files\RegCure\buttonfill_mo.jpg
    C:\Program Files\RegCure\buttonfill_mo_expire.jpg
    C:\Program Files\RegCure\config.xml
    C:\Program Files\RegCure\contentwrapper.gif
    C:\Program Files\RegCure\expire.css
    C:\Program Files\RegCure\footerbar.gif
    C:\Program Files\RegCure\help.chm
    C:\Program Files\RegCure\info_bubble.jpg
    C:\Program Files\RegCure\Logs\Regcure-27-06-08-10-37-52.zip
    C:\Program Files\RegCure\Logs\SystemInfo.zip
    C:\Program Files\RegCure\LogSettings.xml
    C:\Program Files\RegCure\main.css
    C:\Program Files\RegCure\process-animation.gif
    C:\Program Files\RegCure\RegCure.exe
    C:\Program Files\RegCure\RegCure.exe.BAK
    C:\Program Files\RegCure\settings.xml
    C:\Program Files\RegCure\subtitlebar.gif
    C:\Program Files\RegCure\tile_titlebar.jpg
    C:\Program Files\RegCure\uninst.exe
    C:\Program Files\RegCure\whitelist.dat
    C:\Program Files\RegCure\zlibwapi.dll
    C:\WINDOWS\Marsu-Fix Uninstaller.exe\
    C:\WINDOWS\system32\bnlqrhli.dll
    C:\WINDOWS\system32\buntjvsq.dll
    C:\WINDOWS\system32\hqftkpjw.dll
    C:\WINDOWS\system32\lcswoifu.dll
    C:\WINDOWS\system32\mbfbflgg.dll
    C:\WINDOWS\system32\owuwfude.dll
    C:\WINDOWS\system32\qsvjtnub.tmp
    C:\WINDOWS\system32\ssqOhIAT.dll.vir
    C:\WINDOWS\system32\tsyhaawx.dll
    C:\WINDOWS\system32\vtlgwwne.dll
    C:\WINDOWS\system32\xefaoyon.dll
    C:\WINDOWS\Tasks\At1.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-26 21:01 . 2008-06-27 23:26 <REP> d-------- C:\Program Files\Panda Security
    2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-26 17:31 . 2008-06-27 23:59 <REP> d-------- C:\Warhammer Online - Age of Reckoning
    2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
    2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
    2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
    2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
    2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
    2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
    2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-06-23 18:24 . 2008-06-27 23:01 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-23 18:23 . 2008-06-26 23:29 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
    2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
    2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
    2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
    2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
    2008-06-23 16:23 . 2008-06-28 00:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
    2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
    2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
    2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
    2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
    2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
    2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
    2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
    2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
    2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
    2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
    2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
    2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
    2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
    2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
    2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
    2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
    2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
    2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
    2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
    2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
    2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
    2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
    2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
    2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
    2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
    2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
    2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
    2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
    2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
    2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
    2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
    2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
    2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
    2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
    2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
    2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
    2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
    2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
    2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
    2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
    2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
    "RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

    C:\Documents and Settings\Shuu\Menu D‚marrer\Programmes\D‚marrage\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-23 12:59:36 1871941]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:52:20 1085440]
    Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-23 12:38:13 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8212:TCP"= 8212:TCP:BitComet 8212 TCP
    "8212:UDP"= 8212:UDP:BitComet 8212 UDP

    R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\Documents
    "2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\Documents
    "2008-06-27 21:20:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-28 00:19:26
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-28 0:19:46
    ComboFix-quarantined-files.txt 2008-06-27 22:19:43
    ComboFix2.txt 2008-06-27 21:22:05

    Pre-Run: 57,409,703,936 octets libres
    Post-Run: 57,420,034,048 octets libres

    329

    28 June 2008 13:33:51

    Hi again

    You're not doing it the way I explained:
    Quote:
    Command switches used :: G:\Applications\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    The antivirus must be disabled
    ComboFix must be on the desktop

    Please start over with my script
    28 June 2008 13:52:14

    Hi again.
    Indeed, sorry, I had forgotten :S

    ComboFix 08-06-20.4 - Shuu 2008-06-28 13:47:16.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1239 [GMT 2:00]
    Endroit: C:\Documents and Settings\Shuu\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Shuu\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Documents and Settings\Shuu\Application Data\dr.exe
    C:\Documents and Settings\Shuu\Application Data\space1.exe
    C:\Documents and Settings\Shuu\Application Data\toolbar.dll
    C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
    C:\WINDOWS\system32\bnlqrhli.dll
    C:\WINDOWS\system32\buntjvsq.dll
    C:\WINDOWS\system32\hqftkpjw.dll
    C:\WINDOWS\system32\lcswoifu.dll
    C:\WINDOWS\system32\mbfbflgg.dll
    C:\WINDOWS\system32\owuwfude.dll
    C:\WINDOWS\system32\qsvjtnub.tmp
    C:\WINDOWS\system32\ssqOhIAT.dll.vir
    C:\WINDOWS\system32\tsyhaawx.dll
    C:\WINDOWS\system32\tuvUNdDu.dll
    C:\WINDOWS\system32\vtlgwwne.dll
    C:\WINDOWS\system32\xefaoyon.dll
    C:\WINDOWS\Tasks\At1.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Marsu-Fix Uninstaller.exe\

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-26 21:01 . 2008-06-27 23:26 <REP> d-------- C:\Program Files\Panda Security
    2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-26 17:31 . 2008-06-27 23:59 <REP> d-------- C:\Warhammer Online - Age of Reckoning
    2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
    2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
    2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
    2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
    2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
    2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
    2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
    2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-06-23 18:24 . 2008-06-28 13:38 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-23 18:23 . 2008-06-28 01:17 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
    2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
    2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
    2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
    2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
    2008-06-23 16:23 . 2008-06-28 00:21 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
    2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
    2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
    2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
    2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
    2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
    2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
    2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
    2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
    2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
    2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
    2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
    2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
    2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
    2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
    2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
    2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
    2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
    2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
    2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
    2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
    2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
    2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
    2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
    2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
    2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
    2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
    2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
    2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
    2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
    2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
    2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
    2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
    2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
    2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
    2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
    2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
    2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
    2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
    2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
    2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
    2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
    2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
    2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
    2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
    2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
    2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
    2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
    2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
    2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
    2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
    2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
    2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
    "RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

    C:\Documents and Settings\Shuu\Menu D‚marrer\Programmes\D‚marrage\
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-23 12:59:36 1871941]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:52:20 1085440]
    Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-23 12:38:13 688128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8212:TCP"= 8212:TCP:BitComet 8212 TCP
    "8212:UDP"= 8212:UDP:BitComet 8212 UDP

    R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\Documents
    "2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\Documents
    "2008-06-27 22:21:47 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-28 13:48:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-28 13:48:47
    ComboFix-quarantined-files.txt 2008-06-28 11:48:44
    ComboFix2.txt 2008-06-27 22:19:47

    Pre-Run: 56,841,949,184 octets libres
    Post-Run: 56,833,511,424 octets libres

    271
    28 June 2008 22:17:37

    Hi again

    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\RegCure Program Check.job
    C:\WINDOWS\Tasks\RegCure.job
    Folder::
    C:\Program Files\RegCure



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, you can find it here > C:\ComboFix.txt