
Virus problem [Solved]

Tags:
  • Windows
  • Security
21 April 2008 19:47:31

Hello,
For some time now I have been having problems due to viruses on my PC. I ran Kaspersky and Spybot, but the slowdowns and unexplained bugs persist. I made a HijackThis report.

Thanks in advance for your replies.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:17, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox2\firefox.exe
C:\Utilitaires\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {1B01D706-B209-44D1-B357-2436A91D911E} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028} - C:\WINDOWS\system32\yayxxUKd.dll (file missing)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B0EA280D-F29F-44F6-B39F-C83E4934A124} - C:\WINDOWS\system32\ljJcDsqq.dll (file missing)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\cbXOeffG.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7870] command /c del "C:\WINDOWS\system32\yayxxUKd.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1173] cmd /c del "C:\WINDOWS\system32\yayxxUKd.dll_old"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: cbXOeffG - C:\WINDOWS\SYSTEM32\cbXOeffG.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table M

21 April 2008 20:02:20

Hello,

Analyze the following file on VirusTotal, then post the report:
C:\WINDOWS\SYSTEM32\cbXOeffG.dll
21 April 2008 20:31:51

Thanks for the quick reply!

Report from the VirusTotal analysis:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.19.0 2008.04.18 -
AntiVir 7.8.0.8 2008.04.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.04.20 -
Avast 4.8.1169.0 2008.04.20 Win32:TratBHO
AVG 7.5.0.516 2008.04.19 Generic10.LBI
BitDefender 7.2 2008.04.20 Trojan.Vundo.EFK
CAT-QuickHeal 9.50 2008.04.19 AdWare.Virtumonde.oiu (Not a Virus)
ClamAV 0.92.1 2008.04.20 Trojan.Vundo-2378
DrWeb 4.44.0.09170 2008.04.20 Trojan.Virtumod.based
eSafe 7.0.15.0 2008.04.17 -
eTrust-Vet 31.3.5714 2008.04.19 -
Ewido 4.0 2008.04.20 -
F-Prot 4.4.2.54 2008.04.20 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.04.19 -
FileAdvisor 1 2008.04.20 -
Fortinet 3.14.0.0 2008.04.20 -
Ikarus T3.1.1.26 2008.04.20 Trojan.Crypt.XPACK
Kaspersky 7.0.0.125 2008.04.20 -
McAfee 5277 2008.04.18 -
Microsoft 1.3408 2008.04.20 Trojan:Win32/Vundo.gen!D
NOD32v2 3041 2008.04.19 Win32/Adware.Virtumonde
Norman 5.80.02 2008.04.18 -
Panda 9.0.0.4 2008.04.20 Spyware/Virtumonde
Prevx1 V2 2008.04.20 Downloader.Zlob
Rising 20.40.62.00 2008.04.20 Trojan.Win32.VUNDO.bcq
Sophos 4.28.0 2008.04.20 Troj/Virtum-Gen
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.20 Trojan.Vundo
TheHacker 6.2.92.285 2008.04.19 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.20 -
Webwasher-Gateway 6.6.2 2008.04.18 Trojan.Crypt.XPACK.Gen
Information additionnelle
File size: 38400 bytes
MD5...: d555120d2206c067b317a58961dbb4d5
SHA1..: 132946df6882d038485944b6b6854dc7f6472165
SHA256: 8667d198f7e6d00062a971164181044fa070c76e429e36266c7f47de9053a0f6
SHA512: 5995f02472bf29b7f27449e6b7b6702f13d0b74549df1b18f933763bbfd4edcc
33671f067aea61dc0d8300065c16bfb7cc130b51a41515a3ee3efb395b2bba2e
PEiD..: tElock 0.99 - 1.0 private -> tE!
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10005249
timedatestamp.....: 0x323169a6 (Sat Sep 07 12:25:10 1996)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1e000 0x4400 7.23 6e4416a6ac02e12e41f8df04f543ab96
.data 0x1f000 0x5000 0x4200 7.97 147b4bbce733063139bd465f8535365f
.rdata 0x24000 0x1000 0x400 5.82 b42f34dab801afc66c660019fe71b569
.idata 0x25000 0x1000 0x800 3.75 e4d97fa7cda380a04599debb1fcfba88

( 3 imports )
> user32.dll: ShowOwnedPopups, SetMenuInfo, OemToCharA, LoadMenuA, LoadAcceleratorsW, IsCharLowerA, GetDlgItem, FillRect, EqualRect, EnableScrollBar, EnableMenuItem, EmptyClipboard, DestroyMenu, CreateMDIWindowA, CreateIconFromResourceEx, CreateDialogIndirectParamA, CopyRect, CharUpperBuffA, CharToOemA, CharPrevA, ChangeMenuA, ActivateKeyboardLayout, wsprintfA
> kernel32.dll: CloseHandle, GetPrivateProfileStringA, GetStartupInfoA, GetVersionExA, LocalAlloc, MapViewOfFile, OpenFileMappingA, lstrlenA, lstrcpynA, lstrcpyA, VirtualFree, SetEndOfFile, SetCurrentDirectoryA, ReadFile, RaiseException, GetFileSize
> oleaut32.dll: SafeArrayAllocData, SafeArrayAllocDescriptor, SysFreeString, VarBstrCat, RevokeActiveObject, OleLoadPicturePath

( 0 exports )
packers: PE_Patch
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=32D8E4C6...
21 April 2008 20:59:46

It is indeed an infection.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.
21 April 2008 21:55:26

Here is the Combofix report:



    ComboFix 08-04-20.5 - Arnaud 2008-04-21 21:32:43.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1560 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cbLRCJlm.ini
    C:\WINDOWS\system32\cbLRCJlm.ini2
    C:\WINDOWS\system32\cbXOeffG.dll
    C:\WINDOWS\system32\dfeegfii.ini
    C:\WINDOWS\system32\dfeegfii.ini2
    C:\WINDOWS\system32\dKUxxyay.ini
    C:\WINDOWS\system32\dKUxxyay.ini2
    C:\WINDOWS\system32\hllwhcnt.ini
    C:\WINDOWS\system32\huxgwceh.dll
    C:\WINDOWS\system32\iifgeefd.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\qqsDcJjl.ini
    C:\WINDOWS\system32\qqsDcJjl.ini2
    C:\WINDOWS\system32\swamyoam.dll
    C:\WINDOWS\system32\tnchwllh.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
    2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-21 10:30 . 2008-04-21 18:14 466 ---hs---- C:\WINDOWS\system32\oxbdvslc.ini
    2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-04-20 22:16 . 2008-04-21 21:41 10,051,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-20 22:16 . 2008-04-21 21:41 43,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-20 22:16 . 2008-04-21 21:41 13,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-20 22:16 . 2008-04-21 21:41 2,204 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-20 22:15 . 2008-04-21 21:43 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2008-04-20 20:28 . 2008-04-20 22:05 1,066 ---hs---- C:\WINDOWS\system32\nqwnvtoe.ini
    2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
    2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
    2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
    2008-04-19 20:27 . 2008-04-20 20:27 1,006 ---hs---- C:\WINDOWS\system32\ulltowkr.ini
    2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
    2008-04-18 12:49 . 2008-04-18 12:49 <REP> d-------- C:\Program Files\Runtime Software
    2008-04-18 12:09 . 2008-04-18 12:09 <REP> d-------- C:\Program Files\PC Inspector File Recovery
    2008-04-18 12:09 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
    2008-04-18 11:57 . 2008-04-20 14:34 <REP> d-------- C:\Program Files\Seagate
    2008-04-18 11:51 . 2008-04-20 10:45 <REP> d-------- C:\Program Files\Ontrack
    2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
    2008-04-15 17:05 . 2008-04-21 17:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 17:05 . 2008-04-15 17:05 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
    2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
    2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
    2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim
    2008-03-30 14:40 . 2008-03-30 14:40 <REP> d-------- C:\Program Files\Mindjet
    2008-03-30 14:40 . 2008-03-30 14:40 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
    2008-03-30 14:40 . 2002-12-28 10:26 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll
    2008-03-28 01:22 . 2008-03-28 01:22 385 --a------ C:\WINDOWS\ODBC.INI
    2008-03-26 22:08 . 2008-03-26 22:09 <REP> d-------- C:\Program Files\SopCast
    2008-03-26 21:07 . 2008-03-26 21:07 <REP> d-------- C:\Program Files\Vstplugins
    2008-03-26 21:05 . 2008-03-26 21:05 <REP> d-------- C:\Program Files\MSBuild
    2008-03-26 21:03 . 2008-03-26 21:03 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-26 21:03 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-03-26 21:02 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-24 23:27 . 2008-03-24 23:27 <REP> d-------- C:\Program Files\iPod

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 19:00 --------- d-----w C:\Program Files\Mozilla Firefox2
    2008-04-21 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
    2008-04-21 16:42 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
    2008-04-20 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
    2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
    2008-04-19 11:47 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-18 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
    2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
    2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
    2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
    2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
    2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
    2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
    2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
    2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
    2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
    2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
    2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
    2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
    2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
    2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
    2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
    2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
    2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
    2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
    2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
    2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
    2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
    2008-02-28 19:51 --------- d-----w C:\Program Files\Classic Menu for Office
    2008-02-26 19:59 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\mIRC
    2008-02-26 17:46 --------- d-----w C:\Program Files\mIRC
    2008-02-26 14:29 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    2008-02-26 14:25 --------- d-----w C:\Program Files\Stardock Games
    2008-02-25 22:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WindowsLiveInstaller
    2008-02-25 08:02 --------- d-----w C:\Program Files\WiPen
    2008-02-24 16:01 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-24 16:00 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-02-21 17:53 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
    2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
    2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028}]
    C:\WINDOWS\system32\yayxxUKd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EA280D-F29F-44F6-B39F-C83E4934A124}]
    C:\WINDOWS\system32\ljJcDsqq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOeffG]
    cbXOeffG.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
    "vidc.yv12"= yv12vfw.dll
    "msacm.lameacm"= LameACM.acm
    "MIDI2"= myokent.dll
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
    --a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    "WiPen"=C:\Program Files\WiPen\wpmanage.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
    "MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    "AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    "BMbf9979e9"=Rundll32.exe "C:\WINDOWS\system32\cvnnnfym.dll",s
    "bcaa4a75"=rundll32.exe "C:\WINDOWS\system32\clsvdbxo.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
    "C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
    "C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "C:\\Program Files\\Anno 1701\\Anno1701.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
    "C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule4
    "4672:UDP"= 4672:UDP:emule
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-21 19:42:47 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-21 21:43:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 642

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDANTSRV.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-21 21:52:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-21 19:52:11
    ComboFix2.txt 2007-11-01 13:18:30

    Pre-Run: 59,114,692,608 octets libres
    Post-Run: 59,337,883,648 octets libres

    299 --- E O F --- 2008-04-14 20:40:53
    22 April 2008 11:37:40

    Let's do a bit of cleanup.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    30 April 2008 12:29:45

    Hello,

    Here is the Malwarebytes' report:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 700

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 324948
    Temps écoulé: 2 hour(s), 2 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\qoobox\Quarantine\C\WINDOWS\system32\cbXOeffG.dll.vir (Trojan.Vundo) -> No action taken.
    C:\qoobox\Quarantine\C\WINDOWS\system32\huxgwceh.dll.vir (Trojan.Vundo) -> No action taken.
    C:\qoobox\Quarantine\C\WINDOWS\system32\iifgeefd.dll.vir (Trojan.Vundo) -> No action taken.
    C:\qoobox\Quarantine\C\WINDOWS\system32\swamyoam.dll.vir (Trojan.Vundo) -> No action taken.
    30 April 2008 15:55:33

    Did you actually delete the infections?
    30 April 2008 17:27:19

    Yes
    30 April 2008 17:35:39

    Post a new HijackThis report.
    1 May 2008 09:04:13

    OK, here is a new one:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:02:48, on 01/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Utilitaires\Nouveau dossier\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028} - C:\WINDOWS\system32\yayxxUKd.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B0EA280D-F29F-44F6-B39F-C83E4934A124} - C:\WINDOWS\system32\ljJcDsqq.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O20 - Winlogon Notify: cbXOeffG - cbXOeffG.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10313 bytes
    1 May 2008 14:21:17

    A ComboFix scan and then we're done :)
    1 May 2008 18:23:24

    Here is the ComboFix report:



    ComboFix 08-04-20.5 - Arnaud 2008-05-01 18:13:00.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1420 [GMT 2:00]
    Endroit: C:\Utilitaires\Nouveau dossier\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-01 15:23 . 2008-05-01 15:23 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-30 13:00 . 2008-04-30 13:00 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia Multimedia Player
    2008-04-29 20:36 . 2008-04-30 12:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\DIFX
    2008-04-29 20:33 . 2008-04-29 20:36 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia
    2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2008-04-29 20:32 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Nokia
    2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PC Suite
    2008-04-29 20:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-04-29 20:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-04-29 20:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-04-29 20:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-04-29 20:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-04-29 20:31 . 2008-04-29 20:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    2008-04-24 14:02 . 2008-04-24 14:02 <REP> d-------- C:\Program Files\Runtime Software
    2008-04-23 17:47 . 2008-04-26 09:04 <REP> d-------- C:\Program Files\FILERECOVERY PRO DEMO
    2008-04-22 14:02 . 2008-04-22 14:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Malwarebytes
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
    2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-21 10:30 . 2008-04-21 18:14 466 ---hs---- C:\WINDOWS\system32\oxbdvslc.ini
    2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-04-20 22:16 . 2008-05-01 18:15 13,474,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-20 22:16 . 2008-05-01 15:09 185,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-20 22:16 . 2008-05-01 18:16 154,656 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-20 22:16 . 2008-05-01 15:09 18,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-20 22:15 . 2008-05-01 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2008-04-20 20:28 . 2008-04-20 22:05 1,066 ---hs---- C:\WINDOWS\system32\nqwnvtoe.ini
    2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
    2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
    2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
    2008-04-19 20:27 . 2008-04-20 20:27 1,006 ---hs---- C:\WINDOWS\system32\ulltowkr.ini
    2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
    2008-04-18 11:57 . 2008-04-26 09:09 <REP> d-------- C:\Program Files\Seagate
    2008-04-18 11:51 . 2008-04-26 09:07 <REP> d-------- C:\Program Files\Ontrack
    2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
    2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
    2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
    2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
    2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-01 16:09 --------- d-----w C:\Program Files\Mozilla Firefox2
    2008-05-01 15:31 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
    2008-05-01 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-26 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-26 17:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-26 07:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-23 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
    2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
    2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
    2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
    2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
    2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
    2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
    2008-03-30 12:40 --------- d-----w C:\Program Files\Mindjet
    2008-03-30 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
    2008-03-26 20:09 --------- d-----w C:\Program Files\SopCast
    2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
    2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    2008-03-26 19:07 --------- d-----w C:\Program Files\Vstplugins
    2008-03-26 19:05 --------- d-----w C:\Program Files\MSBuild
    2008-03-26 19:03 --------- d-----w C:\Program Files\Reference Assemblies
    2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
    2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
    2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
    2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
    2008-03-24 21:27 --------- d-----w C:\Program Files\iPod
    2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
    2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
    2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
    2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
    2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
    2008-03-10 22:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
    2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
    2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
    2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
    2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
    2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
    2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 14:59 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
    2008-02-06 21:20 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
    2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-21_21.51.27.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-21 19:42:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-01 13:10:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-29 18:32:22 3,262 ----a-r C:\WINDOWS\Installer\{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}\ARPPRODUCTICON.exe
    + 2008-04-29 18:33:20 15,086 ----a-r C:\WINDOWS\Installer\{29466F9C-7C6A-419C-B301-F440FAF78760}\ARPPRODUCTICON.exe
    + 2008-04-29 18:32:54 10,134 ----a-r C:\WINDOWS\Installer\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}\ARPPRODUCTICON.exe
    + 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\Rtenicxp.sys
    - 2007-03-01 08:05:14 90,240 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
    + 2008-01-03 20:10:12 103,680 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenic.sys
    - 2007-03-01 08:06:02 135,680 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenic64.sys
    + 2008-01-03 20:10:18 125,440 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenic64.sys
    - 2007-03-01 08:05:38 90,496 ----a-r C:\WINDOWS\OPTIONS\CABS\Rtenicxp.sys
    + 2008-01-03 20:10:16 105,856 ----a-w C:\WINDOWS\OPTIONS\CABS\Rtenicxp.sys
    + 2007-03-29 20:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
    - 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
    + 2008-01-03 20:10:16 105,856 ----a-w C:\WINDOWS\system32\drivers\Rtenicxp.sys
    + 2007-11-06 07:26:20 535,040 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
    - 2006-09-28 16:55:50 77,568 ----a-w C:\WINDOWS\system32\drivers\WudfPf.sys
    + 2006-09-15 20:29:52 76,544 ----a-w C:\WINDOWS\system32\drivers\WudfPf.sys
    - 2006-09-28 17:00:34 82,944 ----a-w C:\WINDOWS\system32\drivers\WudfRd.sys
    + 2006-09-15 20:30:10 82,688 ----a-w C:\WINDOWS\system32\drivers\WudfRd.sys
    + 2007-02-22 08:15:56 137,216 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcd.sys
    + 2007-02-22 08:15:12 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcls.dll
    + 2007-02-22 08:15:12 65,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcd_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcocls.dll
    + 2007-02-22 08:15:14 8,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdc_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdc.sys
    + 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdcj_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcj.sys
    + 2007-02-22 08:15:14 12,288 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdm2k_5AE0C638A38F4B9FC78463CF339D97056F20BF69\nmwcdcm.sys
    + 2007-11-06 07:26:20 535,040 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\PCCSWpdDriver.dll
    + 2007-11-06 07:20:02 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\WudfUpdate_01005.dll
    + 2007-08-07 15:40:38 98,944 ----a-w C:\WINDOWS\system32\ReinstallBackups\0027\DriverFiles\Rtenicxp.sys
    + 2001-08-23 15:45:10 26,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EP24RES.DLL
    - 2006-09-28 18:13:26 95,344 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
    + 2006-09-15 21:30:16 87,040 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
    - 2006-09-28 16:56:38 146,432 ----a-w C:\WINDOWS\system32\WudfHost.exe
    + 2006-09-15 21:30:06 142,848 ----a-w C:\WINDOWS\system32\WudfHost.exe
    - 2006-09-28 16:56:16 165,376 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
    + 2006-09-15 20:29:54 163,840 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
    - 2006-09-28 16:56:14 55,808 ----a-w C:\WINDOWS\system32\WudfSvc.dll
    + 2006-09-15 21:30:16 55,296 ----a-w C:\WINDOWS\system32\WudfSvc.dll
    + 2007-11-06 07:20:02 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
    - 2006-09-28 16:56:38 316,416 ----a-w C:\WINDOWS\system32\WUDFx.dll
    + 2006-09-15 21:30:16 308,224 ----a-w C:\WINDOWS\system32\WUDFx.dll
    + 2008-05-01 13:11:05 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7d0.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028}]
    C:\WINDOWS\system32\yayxxUKd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EA280D-F29F-44F6-B39F-C83E4934A124}]
    C:\WINDOWS\system32\ljJcDsqq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOeffG]
    cbXOeffG.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
    "vidc.yv12"= yv12vfw.dll
    "msacm.lameacm"= LameACM.acm
    "MIDI2"= myokent.dll
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
    --a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    "WiPen"=C:\Program Files\WiPen\wpmanage.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
    "MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    "AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
    "BMbf9979e9"=Rundll32.exe "C:\WINDOWS\system32\cvnnnfym.dll",s
    "bcaa4a75"=rundll32.exe "C:\WINDOWS\system32\clsvdbxo.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
    "C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
    "C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "C:\\Program Files\\Anno 1701\\Anno1701.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
    "C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule4
    "4672:UDP"= 4672:UDP:emule
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-01 13:10:58 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 18:16:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 844

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-01 18:20:53
    ComboFix-quarantined-files.txt 2008-05-01 16:20:29
    ComboFix2.txt 2008-04-21 19:52:14
    ComboFix3.txt 2007-11-01 13:18:30

    Pre-Run: 45,765,754,880 octets libres
    Post-Run: 45,922,099,200 octets libres

    319 --- E O F --- 2008-04-22 06:09:54
    1 May 2008 19:21:33

    Hi again,

    Disable your resident protection (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\oxbdvslc.ini
    C:\WINDOWS\system32\nqwnvtoe.ini
    C:\WINDOWS\system32\ulltowkr.ini
    C:\WINDOWS\system32\cvnnnfym.dll
    C:\WINDOWS\system32\clsvdbxo.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FA85C2D-FD5D-428B-96B0-6F9DF0EB6028}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0EA280D-F29F-44F6-B39F-C83E4934A124}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXOeffG]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "BMbf9979e9"=-
    "bcaa4a75"=-


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:

    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    1 May 2008 22:48:10

    Hi again,

    Here is the ComboFix log after the procedure:
    (however, I didn't have to press 1; the program ran right after the drag and drop?)


    ComboFix 08-04-20.5 - Arnaud 2008-05-01 22:35:29.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1508 [GMT 2:00]
    Endroit: C:\Utilitaires\Nouveau dossier\ComboFix.exe
    Command switches used :: C:\Utilitaires\Nouveau dossier\CFScript.txt.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\clsvdbxo.dll
    C:\WINDOWS\system32\cvnnnfym.dll
    C:\WINDOWS\system32\nqwnvtoe.ini
    C:\WINDOWS\system32\oxbdvslc.ini
    C:\WINDOWS\system32\ulltowkr.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nqwnvtoe.ini
    C:\WINDOWS\system32\oxbdvslc.ini
    C:\WINDOWS\system32\ulltowkr.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-01 22:21 . 2008-05-01 22:21 <REP> d-------- C:\Program Files\Monte Cristo
    2008-05-01 15:23 . 2008-05-01 15:23 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-30 13:00 . 2008-04-30 13:00 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia Multimedia Player
    2008-04-29 20:36 . 2008-04-30 12:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2008-04-29 20:33 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\DIFX
    2008-04-29 20:33 . 2008-04-29 20:36 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Nokia
    2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2008-04-29 20:32 . 2008-04-29 20:33 <REP> d-------- C:\Program Files\Nokia
    2008-04-29 20:32 . 2008-04-29 20:32 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PC Suite
    2008-04-29 20:32 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2008-04-29 20:32 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2008-04-29 20:32 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2008-04-29 20:32 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2008-04-29 20:32 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2008-04-29 20:31 . 2008-04-29 20:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    2008-04-24 14:02 . 2008-04-24 14:02 <REP> d-------- C:\Program Files\Runtime Software
    2008-04-23 17:47 . 2008-04-26 09:04 <REP> d-------- C:\Program Files\FILERECOVERY PRO DEMO
    2008-04-22 14:02 . 2008-04-22 14:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Malwarebytes
    2008-04-22 13:48 . 2008-04-22 13:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-04-21 18:27 . 2008-04-21 18:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
    2008-04-21 18:23 . 2008-04-21 18:24 3,392 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-20 22:17 . 2008-04-20 22:23 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-04-20 22:17 . 2008-04-20 22:23 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-04-20 22:16 . 2008-04-20 22:16 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-04-20 22:16 . 2008-05-01 22:39 13,588,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-20 22:16 . 2008-05-01 15:09 185,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-20 22:16 . 2008-05-01 22:39 166,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-20 22:16 . 2008-05-01 15:09 18,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-20 22:15 . 2008-05-01 18:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2008-04-20 14:52 . 2008-04-20 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
    2008-04-20 14:49 . 2008-04-20 14:49 400,864 --a------ C:\WINDOWS\system32\drivers\timntr.sys
    2008-04-20 14:49 . 2008-04-20 14:49 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2008-04-20 14:49 . 2008-04-20 14:49 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Maxtor
    2008-04-20 14:48 . 2008-04-20 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Maxtor
    2008-04-19 20:22 . 2008-04-21 21:17 109,781 --a------ C:\WINDOWS\BMbf9979e9.xml
    2008-04-18 11:57 . 2008-04-26 09:09 <REP> d-------- C:\Program Files\Seagate
    2008-04-18 11:51 . 2008-04-26 09:07 <REP> d-------- C:\Program Files\Ontrack
    2008-04-18 11:51 . 2008-04-20 10:45 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
    2008-04-14 22:36 . 2008-04-14 22:36 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Ubisoft
    2008-04-13 15:10 . 2008-04-13 15:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Program Files\Ubisoft
    2008-04-11 22:51 . 2008-04-11 22:52 <REP> d-------- C:\Program Files\Microsoft MapPoint Europe
    2008-04-07 15:11 . 2008-04-07 15:51 <REP> d-------- C:\Program Files\ASE
    2008-04-03 13:37 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2008-04-03 13:37 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2008-04-03 13:26 . 2008-04-03 13:26 <REP> d-------- C:\Program Files\Acclaim

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-01 20:21 --------- d-----w C:\Program Files\Mozilla Firefox2
    2008-05-01 15:31 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\uTorrent
    2008-05-01 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-26 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-26 17:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-26 07:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-23 18:54 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-04-20 19:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
    2008-04-20 07:35 --------- d-----w C:\Program Files\FlashGet
    2008-04-20 07:35 --------- d-----w C:\Program Files\BestGameEver
    2008-04-14 20:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-04-13 14:53 --------- d-----w C:\Program Files\CapCom
    2008-04-12 07:27 --------- d-----w C:\Program Files\Glary Utilities
    2008-04-11 20:54 --------- d-----w C:\Program Files\Sony
    2008-04-03 09:22 --------- d-----w C:\Program Files\Winamp
    2008-03-30 12:40 --------- d-----w C:\Program Files\Mindjet
    2008-03-30 12:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Mindjet
    2008-03-26 20:09 --------- d-----w C:\Program Files\SopCast
    2008-03-26 19:26 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
    2008-03-26 19:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    2008-03-26 19:07 --------- d-----w C:\Program Files\Vstplugins
    2008-03-26 19:05 --------- d-----w C:\Program Files\MSBuild
    2008-03-26 19:03 --------- d-----w C:\Program Files\Reference Assemblies
    2008-03-26 19:00 --------- d-----w C:\Program Files\Sony Setup
    2008-03-26 19:00 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Sony Setup
    2008-03-25 16:15 --------- d-----w C:\Program Files\FeedReader30
    2008-03-24 21:27 --------- d-----w C:\Program Files\iTunes
    2008-03-24 21:27 --------- d-----w C:\Program Files\iPod
    2008-03-24 21:26 --------- d-----w C:\Program Files\QuickTime
    2008-03-24 21:23 --------- d-----w C:\Program Files\iArt
    2008-03-21 07:38 --------- d-----w C:\Program Files\Starcraft
    2008-03-20 12:53 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\FastStone
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\River Past G5
    2008-03-20 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
    2008-03-20 12:38 68,096 ----a-w C:\WINDOWS\ScUnin.exe
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-11 11:26 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\Dealio
    2008-03-10 22:25 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-09 14:49 --------- d-----w C:\Program Files\Micro Application
    2008-03-03 21:51 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-03 21:50 --------- d-----w C:\Program Files\Windows Live
    2008-03-03 21:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-03-02 19:21 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\iCloner
    2008-03-02 19:17 --------- d-----w C:\Program Files\WindSolutions
    2008-03-02 19:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CopyTransControlCenter
    2008-03-02 14:07 --------- d-----w C:\Program Files\Xilisoft
    2008-03-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\CopyTransControlCenter
    2008-03-01 21:54 --------- d-----w C:\Program Files\Acoustica DJ Twist And Burn
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 14:59 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-16 11:50 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
    2008-02-06 21:20 114,688 ----a-w C:\WINDOWS\system32\wmatimer.dll
    2007-11-12 19:21 22,328 ----a-w C:\Documents and Settings\Arnaud.ARNAUD-C169A0C2\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
    "vidc.yv12"= yv12vfw.dll
    "msacm.lameacm"= LameACM.acm
    "MIDI2"= myokent.dll
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= AC3ACM.acm
    "vidc.dvsd"= mcdvd_32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Arnaud.ARNAUD-C169A0C2^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
    --a------ 2001-06-29 02:00 163840 C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    "WiPen"=C:\Program Files\WiPen\wpmanage.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"
    "MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    "AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\coco640\\team fortress 2\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Documents and Settings\\Arnaud.ARNAUD-C169A0C2\\Bureau\\eMule0.48a-SharkX-BIN\\emule.exe"=
    "C:\\Jeux\\KONAMI\\PES2008\\PES2008.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\Jeux\\ut3\\Binaries\\UT3.exe"=
    "C:\\Program Files\\Mozilla Firefox2\\firefox.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\RpcSandraSrv.exe"=
    "C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP4a\\Win32\\RpcDataSrv.exe"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "C:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "C:\\Program Files\\Anno 1701\\Anno1701.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Jeux\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\Overdose.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
    "C:\\Program Files\\DreamCatcher\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
    "C:\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule4
    "4672:UDP"= 4672:UDP:emule
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 SCNDRVP;SCNDRVP;C:\WINDOWS\system32\drivers\SCNDRVP.sys [1999-07-05 14:57]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-07-10 00:12]
    S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-08-11 22:23]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
    S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-10-01 11:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0555f8ed-1780-11dd-8425-004f4e09fba3}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e8dcc2d-dca2-11dc-a891-004f4e09fba3}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd016103-4761-11dc-85b2-004f4e09fba3}]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-01 13:10:58 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 22:39:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 844

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-01 22:44:19
    ComboFix-quarantined-files.txt 2008-05-01 20:44:03
    ComboFix2.txt 2008-05-01 16:20:54
    ComboFix3.txt 2008-04-21 19:52:14
    ComboFix4.txt 2007-11-01 13:18:30

    Pre-Run: 41,623,183,360 octets libres
    Post-Run: 41,607,696,384 octets libres

    279 --- E O F --- 2008-04-22 06:09:54

    And the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:46, on 2008-05-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox2\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Utilitaires\Nouveau dossier\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeuxvideo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\SiSWLSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9896 bytes
    2 May 2008 16:05:43

    Any more problems?
    2 May 2008 16:37:12

    No, no more problems, apparently.
    2 May 2008 17:18:27

    Happy surfing :)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do this:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you don't have this kind of problem again, by clicking the image below:


    2 May 2008 20:02:52

    OK, it's done. I want to thank you for your speed and the clarity of your answers. Thanks again, and all the best to you.


    Report:

    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\Utilitaires\Nouveau dossier\fsbl.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\ComboFix.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\HijackThis.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\SmitFraudFix.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\SmitFraudfix: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\tar.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\remove.reg: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\pskill.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\LFiles.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\gzip.exe: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\delsiri.cmd: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\delr.cmd: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\del3.cmd: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\del2.cmd: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\clean.cmd: trouvé !
    C:\Utilitaires\Nouveau dossier\clean\cherche.cmd: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Utilitaires\Nouveau dossier\fsbl.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\ComboFix.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\HijackThis.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\SmitFraudFix.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\tar.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\remove.reg: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\pskill.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\LFiles.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\gzip.exe: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\delsiri.cmd: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\delr.cmd: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\del3.cmd: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\del2.cmd: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\clean.cmd: supprimé !
    C:\Utilitaires\Nouveau dossier\clean\cherche.cmd: supprimé !
    C:\Combofix: supprimé !
    C:\Qoobox: supprimé !
    C:\Utilitaires\Nouveau dossier\SmitFraudfix: supprimé !