
Request for help for a beginner

Tags:
  • Internet Explorer
  • Security
11 May 2008 21:04:57

First of all, I want to thank the volunteers who give their time to help those who suffer from the malice of certain people.

So here it is: I used my computer for nearly 2 years without any protection (I know some will already be calling me crazy).
After some problems at the end of that time (slowdowns, crashes, black screen, blue screen, etc.), I got fed up with formatting/reinstalling my PC, so I decided to scan my computer (with Norton). That is when, given the number of files flagged as infected, I realized (much too late) that my practice is far from the best.

So I chose to get an antivirus (Avast), but it does not seem really effective; in general it will neither repair nor quarantine, only ignore, a solution that does not seem really ideal to me.

After some research I discovered your site, but I found nothing for someone of my level (I don't know how to get a report, so I can't post it).

So if someone would be willing to give me a hand and tell me the procedure to follow to get help on this site (I searched a bit without finding it).

Thanks in advance.

11 May 2008 21:18:02

Hello,

Help with what?
11 May 2008 21:26:20

Well, I'm infested with all sorts of malware, but I don't really know how to put a report or anything else on the site, nor what kind of info I should give.
11 May 2008 21:44:34

Thanks Angel, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:51, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RoamMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\IkAgora\IkAgora.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {7d2f673f-4f80-0a28-f744-e20d069ee048} - {840ee960-d02e-447f-82a0-08f4f376f2d7} - C:\WINDOWS\system32\odnyiywf.dll
O2 - BHO: (no name) - {8596EC6E-0CBF-48C2-93ED-635D85B332EB} - C:\WINDOWS\system32\pmnMGwwu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\CD-R\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [5ccb95b9] rundll32.exe "C:\WINDOWS\system32\bgsljjlf.dll",b
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D20409-C16C-46B9-8980-85B82B6A3E5B}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c006BD04.dat
O20 - Winlogon Notify: opnkkhh - opnkkhh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\system32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8245 bytes
11 May 2008 22:06:20

Hi again,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may vary

11 May 2008 22:56:39

    ComboFix 08-05-11.1 - Administrateur 2008-05-11 22:36:41.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.206 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-11 21:33 . 2008-05-11 21:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-09 23:18 . 2008-05-09 23:18 2,112 --a------ C:\WINDOWS\system32\xcrihwop.exe
    2008-05-08 23:21 . 2008-05-08 23:21 2,112 --a------ C:\WINDOWS\system32\devvnitl.exe
    2008-05-07 23:18 . 2008-05-07 23:18 2,112 --a------ C:\WINDOWS\system32\tdolxyjb.exe
    2008-05-06 23:15 . 2008-05-06 23:15 2,112 --a------ C:\WINDOWS\system32\aacmcjdb.exe
    2008-05-05 15:33 . 2008-05-05 16:10 <REP> d-------- C:\TEMP
    2008-05-05 15:29 . 2008-05-05 15:29 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-02 18:05 . 2008-05-11 16:34 <REP> d-------- C:\Program Files\IkAgora
    2008-05-02 18:05 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-02 18:05 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 40,960 --a------ C:\WINDOWS\system32\FLXGDFR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-04-30 11:54 . 2008-04-30 11:54 67 --a------ C:\WINDOWS\system32\myqlkkyu.dll
    2008-04-29 11:57 . 2008-04-29 11:57 67 --a------ C:\WINDOWS\system32\jgnoblka.dll
    2008-04-28 11:57 . 2008-04-28 11:57 67 --a------ C:\WINDOWS\system32\pxqyoetr.dll
    2008-04-27 11:51 . 2008-04-27 11:51 67 --a------ C:\WINDOWS\system32\pgmmhfjh.dll
    2008-04-26 11:51 . 2008-04-26 11:51 67 --a------ C:\WINDOWS\system32\cwlqmhpy.dll
    2008-04-25 15:07 . 2008-05-02 09:38 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-04-21 20:55 . 2008-04-27 13:51 <REP> d--h----- C:\Documents and Settings\Administrateur\igLoader Files
    2008-04-20 20:41 . 2008-04-20 20:45 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-04-19 18:39 . 2008-05-11 18:26 <REP> d-------- C:\Program Files\Norton Security Scan
    2008-04-19 18:38 . 2008-04-20 14:50 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-04-18 23:12 . 2008-04-18 23:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\yoclient
    2008-04-14 08:16 . 2008-04-14 08:16 315,808 --a------ C:\WINDOWS\system32\nnnkIyWP.dll
    2008-04-11 07:00 . 2008-04-11 07:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Awem

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-11 20:48 --------- d-----w C:\Program Files\Wanadoo
    2008-05-11 20:33 2,112 ----a-w C:\WINDOWS\system32\idbagtwx.exe
    2008-05-05 19:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WholeSecurity
    2008-05-04 21:38 --------- d-----w C:\Program Files\Metin2_France
    2008-04-23 09:48 --------- d-----w C:\Program Files\Zylom Games
    2008-04-23 09:42 --------- d-----w C:\Program Files\Java
    2008-04-15 17:13 --------- d-----w C:\Program Files\Magic Workstation
    2008-04-11 05:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
    2008-04-10 15:32 315,600 ----a-w C:\WINDOWS\system32\ljJARifF.dll
    2008-03-31 14:45 98,304 ----a-w C:\WINDOWS\DUMPb0c7.tmp
    2008-03-31 10:47 315,632 ----a-w C:\WINDOWS\system32\xxyxWNGW.dll
    2008-03-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-30 15:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-30 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-30 15:25 --------- d-----w C:\Program Files\Backgammon 3D
    2008-03-15 14:22 --------- d-----w C:\Program Files\Cheat Engine
    .

    ------- Sigcheck -------

    2006-03-25 19:20 360448 88e085a02ae1e4d4ae2b143d1325f383 C:\WINDOWS\system32\drivers\tcpip.sys

    2006-03-28 00:08 2198784 fa1ce6e0925711ea9ce2a00da3c849bd C:\WINDOWS\system32\ntkrnlpa.exe

    2006-03-28 00:08 2321408 82715cdec829f187c7cf0da33048d984 C:\WINDOWS\system32\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 14:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-09-02 01:28 86016]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-06-23 04:34 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-06-23 04:34 114688]
    "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-03-20 18:58 652528]
    "DAEMON Tools"="C:\Program Files\CD-R\DAEMON Tools\daemon.exe\ -lang 1033" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="cmd.exe" [2004-08-04 06:54 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:37 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInternetIcon"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhh]
    opnkkhh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\system32\LgNotify.dll 2003-09-10 05:47 110592 C:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.XVID"= xvid.dll
    "msacm.imc"= imc32.acm
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.i263"= i263_32.drv
    "vidc.DIV3"= DivXc32.dll
    "vidc.MJPG"= m3jpeg32.dll
    "msacm.DivXa32"= DivXa32.acm
    "vidc.div4"= DivXc32f.dll
    "vidc.dmb1"= m3jpeg32.dll
    "vidc.jpeg"= m3jpeg32.dll
    "VIDC.HFYU"= huffyuv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\girder\\girder.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    S3 bfastfao;bfastfao;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfastfao.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e30d750-f31c-11db-8944-0004236c10a2}]
    \Shell\AutoRun\command - G:\SETUP.EXE -0
    \Shell\Explore\Command - G:\SETUP.EXE -E
    \Shell\Open\Command - G:\SETUP.EXE -O

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-11 16:27:04 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-11 22:46:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\system32\RoamMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\CD-R\DAEMON Tools\daemon.exe
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-11 22:53:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-11 20:53:03

    Pre-Run: 5,194,776,576 octets libres
    Post-Run: 5,678,018,560 octets libres

    715
    12 May 2008 00:41:58

    Sorry, but I really must go to bed. You can give me the next steps to follow, and I will reply tomorrow.

    Good night and thanks again = )
    12 May 2008 11:54:19

    I'm taking the liberty of bumping the thread because I'm afraid of being forgotten ^^
    12 May 2008 13:05:32

    No need to bump.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    12 May 2008 14:10:57

    Sorry for the untimely bump :/

    Here is what the latest report gives:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 742

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 56925
    Temps écoulé: 26 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 145

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    22 May 2008 09:14:29

    I know I was told it wasn't necessary, but I'm allowing myself a little bump to find out where things stand.
    Do I need to do anything else?
    22 May 2008 13:12:39

    Run a ComboFix scan again :)
    22 May 2008 15:49:18

    Here is what the thing says = )



    ComboFix 08-05-21.2 - Administrateur 2008-05-22 15:37:02.2 - NTFSx86
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM5ff8a625.xml
    C:\WINDOWS\system32\aacmcjdb.exe
    C:\WINDOWS\system32\devvnitl.exe
    C:\WINDOWS\system32\idbagtwx.exe
    C:\WINDOWS\system32\tdolxyjb.exe
    C:\WINDOWS\system32\xcrihwop.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-12 15:10 . 2008-05-12 15:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\restore
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\srchasst
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\pchealth
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-12 13:27 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-12 13:27 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-11 21:33 . 2008-05-11 21:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-05 15:33 . 2008-05-05 16:10 <REP> d-------- C:\TEMP
    2008-05-05 15:29 . 2008-05-05 15:29 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-02 18:05 . 2008-05-14 08:47 <REP> d-------- C:\Program Files\IkAgora
    2008-05-02 18:05 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-02 18:05 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 40,960 --a------ C:\WINDOWS\system32\FLXGDFR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-04-30 11:54 . 2008-04-30 11:54 67 --a------ C:\WINDOWS\system32\myqlkkyu.dll
    2008-04-29 11:57 . 2008-04-29 11:57 67 --a------ C:\WINDOWS\system32\jgnoblka.dll
    2008-04-28 11:57 . 2008-04-28 11:57 67 --a------ C:\WINDOWS\system32\pxqyoetr.dll
    2008-04-27 11:51 . 2008-04-27 11:51 67 --a------ C:\WINDOWS\system32\pgmmhfjh.dll
    2008-04-26 11:51 . 2008-04-26 11:51 67 --a------ C:\WINDOWS\system32\cwlqmhpy.dll
    2008-04-25 15:07 . 2008-05-21 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 13:36 --------- d-----w C:\Program Files\Wanadoo
    2008-05-21 16:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-12 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-12 13:07 --------- d-----w C:\Program Files\Atari
    2008-05-05 19:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WholeSecurity
    2008-05-04 21:38 --------- d-----w C:\Program Files\Metin2_France
    2008-04-23 09:48 --------- d-----w C:\Program Files\Zylom Games
    2008-04-23 09:42 --------- d-----w C:\Program Files\Java
    2008-04-20 18:45 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-04-18 21:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\yoclient
    2008-04-15 17:13 --------- d-----w C:\Program Files\Magic Workstation
    2008-04-11 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
    2008-04-11 05:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
    2008-03-31 14:45 98,304 ----a-w C:\WINDOWS\DUMPb0c7.tmp
    2008-03-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-30 15:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-30 15:25 --------- d-----w C:\Program Files\Backgammon 3D
    .

    ------- Sigcheck -------

    2006-03-25 19:20 360448 88e085a02ae1e4d4ae2b143d1325f383 C:\WINDOWS\system32\drivers\tcpip.sys

    2006-03-28 00:08 2198784 fa1ce6e0925711ea9ce2a00da3c849bd C:\WINDOWS\system32\ntkrnlpa.exe

    2006-03-28 00:08 2321408 82715cdec829f187c7cf0da33048d984 C:\WINDOWS\system32\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-11_22.52.21.77 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-11 20:44:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-12 12:06:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2008-05-12 12:06:33 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_4f0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 14:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-09-02 01:28 86016]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-06-23 04:34 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-06-23 04:34 114688]
    "DAEMON Tools"="C:\Program Files\CD-R\DAEMON Tools\daemon.exe\ -lang 1033" [ ]
    "MSConfig"="C:\WINDOWS\system32\msconfig.exe" [2004-08-04 06:54 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="cmd.exe" [2004-08-04 06:54 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:37 44544]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microtek Scanner Finder.lnk - C:\WINDOWS\twain_32\ScanWiz5\SDII.exe [2007-04-25 10:26:42 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInternetIcon"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhh]
    opnkkhh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\system32\LgNotify.dll 2003-09-10 05:47 110592 C:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.XVID"= xvid.dll
    "msacm.imc"= imc32.acm
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.i263"= i263_32.drv
    "vidc.DIV3"= DivXc32.dll
    "vidc.MJPG"= m3jpeg32.dll
    "msacm.DivXa32"= DivXa32.acm
    "vidc.div4"= DivXc32f.dll
    "vidc.dmb1"= m3jpeg32.dll
    "vidc.jpeg"= m3jpeg32.dll
    "VIDC.HFYU"= huffyuv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    --a------ 2008-03-20 18:58 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\girder\\girder.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 bfastfao;bfastfao;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfastfao.sys [2004-11-21 22:09]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e30d750-f31c-11db-8944-0004236c10a2}]
    \Shell\AutoRun\command - G:\SETUP.EXE -0
    \Shell\Explore\Command - G:\SETUP.EXE -E
    \Shell\Open\Command - G:\SETUP.EXE -O

    *Newly Created Service* - BFASTFAO
    *Newly Created Service* - CATCHME
    *Newly Created Service* - ERASERUTILDRV10741
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-21 16:45:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 15:39:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 15:41:54
    ComboFix-quarantined-files.txt 2008-05-22 13:41:28
    ComboFix2.txt 2008-05-11 20:53:14

    Pre-Run: 5,274,771,456 octets libres
    Post-Run: 5,338,816,512 octets libres

    187
    22 May 2008 15:57:58

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\myqlkkyu.dll
    C:\WINDOWS\system32\jgnoblka.dll
    C:\WINDOWS\system32\pxqyoetr.dll
    C:\WINDOWS\system32\pgmmhfjh.dll
    C:\WINDOWS\system32\cwlqmhpy.dll


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    22 May 2008 16:19:38

    Here is the ComboFix one:

    ComboFix 08-05-21.2 - Administrateur 2008-05-22 16:11:09.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.174 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\cwlqmhpy.dll
    C:\WINDOWS\system32\jgnoblka.dll
    C:\WINDOWS\system32\myqlkkyu.dll
    C:\WINDOWS\system32\pgmmhfjh.dll
    C:\WINDOWS\system32\pxqyoetr.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cwlqmhpy.dll
    C:\WINDOWS\system32\jgnoblka.dll
    C:\WINDOWS\system32\myqlkkyu.dll
    C:\WINDOWS\system32\pgmmhfjh.dll
    C:\WINDOWS\system32\pxqyoetr.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 15:49 . 2008-05-22 15:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Motive
    2008-05-22 15:49 . 2008-05-22 15:49 79,064 --a------ C:\WINDOWS\UnInstall.exe
    2008-05-22 15:48 . 2008-05-22 15:49 <REP> d-------- C:\Program Files\Fichiers communs\Motive
    2008-05-22 15:48 . 2008-05-22 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
    2008-05-22 15:47 . 2008-05-22 15:49 <REP> d-------- C:\Program Files\Orange
    2008-05-22 15:43 . 2008-05-22 15:45 <REP> d-------- C:\Program Files\OrangeHSS
    2008-05-22 15:43 . 2008-01-22 22:53 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
    2008-05-22 15:43 . 2003-09-23 10:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
    2008-05-22 15:42 . 2008-05-22 15:42 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
    2008-05-12 15:10 . 2008-05-12 15:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\restore
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\system32\oobe
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\srchasst
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\WINDOWS\pchealth
    2008-05-12 14:06 . 2008-05-12 14:06 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-12 13:27 . 2008-05-12 13:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-12 13:27 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-12 13:27 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-11 21:33 . 2008-05-11 21:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-05 15:33 . 2008-05-05 16:10 <REP> d-------- C:\TEMP
    2008-05-05 15:29 . 2008-05-05 15:29 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-02 18:05 . 2008-05-14 08:47 <REP> d-------- C:\Program Files\IkAgora
    2008-05-02 18:05 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-05-02 18:05 . 2000-10-02 00:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 40,960 --a------ C:\WINDOWS\system32\FLXGDFR.DLL
    2008-05-02 18:05 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
    2008-04-25 15:07 . 2008-05-21 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 13:43 --------- d-----w C:\Program Files\Wanadoo
    2008-05-21 16:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-12 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-12 13:07 --------- d-----w C:\Program Files\Atari
    2008-05-05 19:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WholeSecurity
    2008-05-04 21:38 --------- d-----w C:\Program Files\Metin2_France
    2008-04-23 09:48 --------- d-----w C:\Program Files\Zylom Games
    2008-04-23 09:42 --------- d-----w C:\Program Files\Java
    2008-04-20 18:45 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-04-18 21:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\yoclient
    2008-04-15 17:13 --------- d-----w C:\Program Files\Magic Workstation
    2008-04-11 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
    2008-04-11 05:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
    2008-03-31 14:45 98,304 ----a-w C:\WINDOWS\DUMPb0c7.tmp
    2008-03-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-30 15:38 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-30 15:25 --------- d-----w C:\Program Files\Backgammon 3D
    .

    ------- Sigcheck -------

    2006-03-25 19:20 360448 88e085a02ae1e4d4ae2b143d1325f383 C:\WINDOWS\system32\drivers\tcpip.sys

    2006-03-28 00:08 2198784 fa1ce6e0925711ea9ce2a00da3c849bd C:\WINDOWS\system32\ntkrnlpa.exe

    2006-03-28 00:08 2321408 82715cdec829f187c7cf0da33048d984 C:\WINDOWS\system32\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-11_22.52.21.77 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-11 20:44:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-12 12:06:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2008-05-12 12:06:33 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_4f0.dat
    - 2003-08-04 12:22:44 16,128 ------w C:\WINDOWS\system32\PCANDIS5.SYS
    + 2006-03-01 16:53:54 32,128 ----a-w C:\WINDOWS\system32\pcandis5.sys
    - 2003-08-04 12:22:44 94,208 ----a-w C:\WINDOWS\system32\W32n50.dll
    + 2006-03-01 16:53:56 94,208 ----a-w C:\WINDOWS\system32\w32n50.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe" [ ]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "SoundMan"="SOUNDMAN.EXE" [2003-05-14 14:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
    "PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-09-02 01:28 86016]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-06-23 04:34 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-06-23 04:34 114688]
    "DAEMON Tools"="C:\Program Files\CD-R\DAEMON Tools\daemon.exe\ -lang 1033" [ ]
    "MSConfig"="C:\WINDOWS\system32\msconfig.exe" [2004-08-04 06:54 160768]
    "ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
    "Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="cmd.exe" [2004-08-04 06:54 400896 C:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:37 44544]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microtek Scanner Finder.lnk - C:\WINDOWS\twain_32\ScanWiz5\SDII.exe [2007-04-25 10:26:42 315392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInternetIcon"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhh]
    opnkkhh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\system32\LgNotify.dll 2003-09-10 05:47 110592 C:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.XVID"= xvid.dll
    "msacm.imc"= imc32.acm
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.i263"= i263_32.drv
    "vidc.DIV3"= DivXc32.dll
    "vidc.MJPG"= m3jpeg32.dll
    "msacm.DivXa32"= DivXa32.acm
    "vidc.div4"= DivXc32f.dll
    "vidc.dmb1"= m3jpeg32.dll
    "vidc.jpeg"= m3jpeg32.dll
    "VIDC.HFYU"= huffyuv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    --a------ 2008-03-20 18:58 652528 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\girder\\girder.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 McciCMService;McciCMService;"C:\Program Files\Fichiers communs\Motive\McciCMService.exe" [2007-10-23 10:29]
    R3 bfastfao;bfastfao;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfastfao.sys [2004-11-21 22:09]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e30d750-f31c-11db-8944-0004236c10a2}]
    \Shell\AutoRun\command - G:\SETUP.EXE -0
    \Shell\Explore\Command - G:\SETUP.EXE -E
    \Shell\Open\Command - G:\SETUP.EXE -O

    *Newly Created Service* - BFASTFAO
    *Newly Created Service* - CATCHME
    *Newly Created Service* - ERASERUTILDRV10741
    *Newly Created Service* - FTRTSVC
    *Newly Created Service* - MCCICMSERVICE
    *Newly Created Service* - PCAMPR5
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-21 16:45:41 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 16:12:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 16:15:09
    ComboFix-quarantined-files.txt 2008-05-22 14:14:19
    ComboFix2.txt 2008-05-22 13:41:55
    ComboFix3.txt 2008-05-11 20:53:14

    Pre-Run: 5,114,142,720 octets libres
    Post-Run: 5,153,251,328 octets libres

    213




    And now HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:20:59, on 22/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\system32\RoamMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\IkAgora\IkAgora.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\Fichiers communs\Motive\McciCMService.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\System32\runonce.exe
    C:\Program Files\Wanadoo\HSS-FR-LB_LA.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\CD-R\DAEMON Tools\daemon.exe\" -lang 1033
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D20409-C16C-46B9-8980-85B82B6A3E5B}: NameServer = 212.27.54.252,212.27.53.252
    O20 - Winlogon Notify: opnkkhh - opnkkhh.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\system32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

    --
    End of file - 7988 bytes


    There you go =)
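The five files named in the CFScript stand out in the first ComboFix listing (67-byte `.dll` files in system32 with eight-letter lowercase names and identical creation and modification times), and the second log lists them under "Autres suppressions". The Python below is an added example, not part of the thread or of ComboFix: it applies that triage to the listing format and then checks the rerun. The size cut-off, the name pattern and all function names are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines taken from the ComboFix created-files listings on this page.
FIRST_RUN = r"""
2008-05-12 15:10 . 2008-05-12 15:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-12 13:27 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-02 18:05 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-04-30 11:54 . 2008-04-30 11:54 67 --a------ C:\WINDOWS\system32\myqlkkyu.dll
2008-04-29 11:57 . 2008-04-29 11:57 67 --a------ C:\WINDOWS\system32\jgnoblka.dll
2008-04-28 11:57 . 2008-04-28 11:57 67 --a------ C:\WINDOWS\system32\pxqyoetr.dll
2008-04-27 11:51 . 2008-04-27 11:51 67 --a------ C:\WINDOWS\system32\pgmmhfjh.dll
2008-04-26 11:51 . 2008-04-26 11:51 67 --a------ C:\WINDOWS\system32\cwlqmhpy.dll
2008-04-25 15:07 . 2008-05-21 18:14 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
"""

# Rerun excerpt from this page; banner lines are shortened here.
SECOND_RUN = r"""
(((((((( Autres suppressions ))))))))
.

C:\WINDOWS\system32\cwlqmhpy.dll
C:\WINDOWS\system32\jgnoblka.dll
C:\WINDOWS\system32\myqlkkyu.dll
C:\WINDOWS\system32\pgmmhfjh.dll
C:\WINDOWS\system32\pxqyoetr.dll

.
(((((((( created-files listing ))))))))
.
2008-05-22 15:49 . 2008-05-22 15:49 79,064 --a------ C:\WINDOWS\UnInstall.exe
2008-05-02 18:05 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
"""

# created . modified  size-or-<REP>  attributes  path
LINE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<REP>|[\d,]+) (\S+) (.+?)\s*$"
)
MAX_DLL_STUB = 512                       # assumed triage cut-off in bytes
NAME = re.compile(r"^[a-z]{8}$")         # assumed pattern, as seen in the thread


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]                  # None for directories (<REP>)
    attrs: str
    path: str


def parse_created(text: str) -> List[Entry]:
    """Parse created-files lines; anything else in the log is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            nbytes = None if size == "<REP>" else int(size.replace(",", ""))
            entries.append(Entry(created, modified, nbytes, attrs, path))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return system32 DLLs that match every indicator (hints, not verdicts)."""
    hits = []
    for e in entries:
        if e.size is None:
            continue
        folder = ntpath.dirname(e.path).lower()
        stem, ext = ntpath.splitext(ntpath.basename(e.path))
        if (folder.endswith("\\system32") and ext.lower() == ".dll"
                and e.size < MAX_DLL_STUB      # far smaller than the other DLLs listed
                and NAME.match(stem)           # legitimate names can match too
                and e.created == e.modified):  # written once, never touched
            hits.append(e.path)
    return sorted(hits)


def deleted_paths(text: str) -> set:
    """Collect the paths listed under the 'Autres suppressions' banner."""
    paths, inside = set(), False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("(("):
            inside = "Autres suppressions" in s
        elif inside and re.match(r"^[A-Za-z]:\\", s):
            paths.add(s.lower())
    return paths


def verify_cleanup(suspects: List[str], rerun_text: str) -> dict:
    """Check each suspect was deleted and no longer appears as a created file."""
    removed = deleted_paths(rerun_text)
    remaining = {e.path.lower() for e in parse_created(rerun_text)}
    return {
        "not_deleted": sorted(p for p in suspects if p.lower() not in removed),
        "still_listed": sorted(p for p in suspects if p.lower() in remaining),
    }


if __name__ == "__main__":
    suspects = triage(parse_created(FIRST_RUN))
    print("\n".join(suspects))
    print(verify_cleanup(suspects, SECOND_RUN))
```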