Se connecter / S'enregistrer
Votre question

ça continue...

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
6 Avril 2008 11:20:29

bonjour,

j'ai un nouveau souci: antivir me laisse ce message C:\system volume information\...\A0017412.exe is the trojan horse TR/trash.Gen
il me semble qu'il n'est pas le seul...
Merci de votre aide.

Autres pages sur : continue

6 Avril 2008 11:26:19

Salut,

On va voir s'il n'y aurait pas Vundo.

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce Tuto.
6 Avril 2008 13:35:13

voici mon rapport hijackthis.
merci de ton aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:42, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9725 bytes
Contenus similaires
6 Avril 2008 14:42:18

Re,

Désinstalle via Ajout/Suppression de Programmes:
  • SweetIm.

    Puis supprime les dossiers correspondants :
  • C:\ProgramFIles\SweetIm
  • Fais une recherche Windows pour supprimer les restes (%appdata% ..)
    6 Avril 2008 19:04:30

    je n'arrive pas àpprimer tous les fichiers, windows répond accès refusé...
    que dois-je faire pour la suite?
    6 Avril 2008 19:04:54

    le mot est supprimé... désolé
    6 Avril 2008 19:23:17

    Tu as déinstallé SweetIm ?
    Redémarré après.

    Si ça ne marche toujours pas, fais-le en mode sans échec.
    -> Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
    7 Avril 2008 09:15:49

    le problème persiste... mais antivir ne le détecte pas au démarrage. Le message apparait au bout de quelques minutes... j'attends vos prochaines instructions
    7 Avril 2008 20:56:57

    oui, j'ai redémarrer en mode sans échec. J'ai fait ce que tu m'as dit de faire....
    Mais le message revient.
    what's up doc?
    7 Avril 2008 20:58:49

    Re,

    Tu as désactivé-réactivé ?

    Reposte un Hijackthis;)
    7 Avril 2008 22:31:23

    désactiver/réactiver effectueé chef!

    voici mon nouveau rapport hijackthis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:29:51, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 9147 bytes
    7 Avril 2008 23:07:58

    Le problème persiste ?
    Si oui, fais un screen.

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L'extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
    Poste le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci
    8 Avril 2008 09:15:44

    apparemment, pas de soucis ce matin...
    merci de ton aide!

    équipe efficace, comme d'hab!
    8 Avril 2008 10:53:12

    Tu peux tout de même continuer ;) 
    Ce serait bien de nettoyer le Hijackthis après.
    8 Avril 2008 22:05:06

    alors là, le message est revenu avec C:\windows\system32\uouewf.exe is the trojan horse TR/Crypt.ULPM.Gen .... je ne comprends pas pourquoi ça revient !!!
    8 Avril 2008 22:30:45

    Re,

    Télécharge Combofix (de sUBs) sur ton Bureau. (Tuto)

    Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
    Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt
    9 Avril 2008 14:26:55

    voilà le rapport!

    ComboFix 08-04-08.10 - HP_Propriétaire 2008-04-09 14:18:35.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.127 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Propriétaire\real.txt
    C:\WINDOWS\msnimport.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-09 14:11 . 2008-04-09 14:11 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-06 13:31 . 2008-04-06 13:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-06 02:41 . 2008-04-06 03:04 <REP> d-------- C:\SDFix
    2008-04-04 22:19 . 2008-04-04 22:19 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-04 20:48 . 2008-04-04 20:48 9,296 --a------ C:\WINDOWS\system32\uouewf.exe
    2008-04-04 20:43 . 2008-04-04 20:45 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Program Files\Zylom Games
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\Program Files\Kit ADSL
    2008-03-11 00:48 . 2008-03-11 00:48 <REP> d-------- C:\Program Files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-08 18:04 --------- d-----w C:\Program Files\eMule
    2008-04-08 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-06 16:49 --------- d-----w C:\Program Files\Macrogaming
    2008-04-06 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 12:28 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-05 10:50 --------- d-----w C:\Program Files\Easy Internet signup
    2008-03-23 10:19 --------- d-----w C:\Program Files\Java
    2008-03-10 22:49 30,136 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-29 19:32 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2008-02-12 18:03 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-12 18:03 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-02-12 18:03 --------- d-----w C:\Program Files\Phototool
    2008-02-12 18:03 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2008-02-12 18:03 --------- d-----w C:\Program Files\DivX
    2008-02-11 08:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-05-01 15:56 56 --sh--r C:\WINDOWS\system32\646CD25BD6.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 22:06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-12 15:42 249896]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:55 185632]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38 241664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-13 22:06:14 124912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 19:57:26 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
    ldr64.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-06 20:31]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-06 20:31]
    R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 15:56]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d572b430-9b77-11dc-bc20-0060b3b00a94}]
    \Shell\AutoRun\command - K:\autorunner.exe "www.CCE-ADECCO.com"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-06 07:08:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-05 10:50:38 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 14:21:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-09 14:23:31
    ComboFix-quarantined-files.txt 2008-04-09 12:23:13
    Pre-Run: 102,395,719,680 octets libres
    Post-Run: 102,384,328,704 octets libres
    .
    2008-03-12 22:05:30 --- E O F ---
    9 Avril 2008 17:34:18

    Copie le texte se situant dans le cadre ci-dessous :

    Driver::
    oreans32

    File::
    C:\WINDOWS\system32\uouewf.exe
    C:\WINDOWS\system32\ldr64.dll

    Folder::
    C:\Program Files\Macrogaming

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
    S'il n'y a pas de rédémarrage, poste quand même le rapport.





    9 Avril 2008 21:40:33

    Pas de redémarrage... voici quand même le rapport

    ComboFix 08-04-08.10 - HP_Propriétaire 2008-04-09 21:34:40.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 13:31 . 2008-04-06 13:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-06 02:41 . 2008-04-06 03:04 <REP> d-------- C:\SDFix
    2008-04-04 22:19 . 2008-04-04 22:19 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-04 20:48 . 2008-04-04 20:48 9,296 --a------ C:\WINDOWS\system32\uouewf.exe
    2008-04-04 20:43 . 2008-04-04 20:45 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Program Files\Zylom Games
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\Program Files\Kit ADSL
    2008-03-11 00:48 . 2008-03-11 00:48 <REP> d-------- C:\Program Files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-08 18:04 --------- d-----w C:\Program Files\eMule
    2008-04-06 16:49 --------- d-----w C:\Program Files\Macrogaming
    2008-04-06 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 12:28 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-05 10:50 --------- d-----w C:\Program Files\Easy Internet signup
    2008-03-23 10:19 --------- d-----w C:\Program Files\Java
    2008-03-10 22:49 30,136 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-29 19:32 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2008-02-12 18:03 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-12 18:03 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-02-12 18:03 --------- d-----w C:\Program Files\Phototool
    2008-02-12 18:03 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2008-02-12 18:03 --------- d-----w C:\Program Files\DivX
    2008-02-11 08:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-05-01 15:56 56 --sh--r C:\WINDOWS\system32\646CD25BD6.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-09_14.23.00.06 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-09 12:11:46 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-09 18:03:55 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-09 12:11:46 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-09 18:03:55 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-04-09 12:11:46 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-09 18:03:55 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-04-09 12:11:46 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-09 18:03:55 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 22:06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-12 15:42 249896]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:55 185632]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38 241664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-13 22:06:14 124912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 19:57:26 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
    ldr64.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-06 20:31]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-06 20:31]
    R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 15:56]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d572b430-9b77-11dc-bc20-0060b3b00a94}]
    \Shell\AutoRun\command - K:\autorunner.exe "www.CCE-ADECCO.com"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-06 07:08:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-05 10:50:38 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 21:37:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-09 21:39:04
    ComboFix-quarantined-files.txt 2008-04-09 19:38:38
    ComboFix2.txt 2008-04-09 12:23:32
    Pre-Run: 102,979,940,352 octets libres
    Post-Run: 102,968,045,568 octets libres
    .
    2008-03-12 22:05:30 --- E O F ---
    9 Avril 2008 22:02:07

    Re,

    Place Combofix et le cfscript dans C:\ et refais-le ;) 
    10 Avril 2008 11:05:21

    voilà monsieur!!!
    ComboFix 08-04-08.10 - HP_Propriétaire 2008-04-10 10:46:22.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.214 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\system32\ldr64.dll
    C:\WINDOWS\system32\uouewf.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Macrogaming
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_Audibles.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_SpecialFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jui6jui@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jui6jui@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mhammonn@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mhammonn@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\shu_ki@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\shu_ki@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030049.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004001F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040067.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600D4.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600D7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060134.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030046.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\WINDOWS\system32\uouewf.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-10 08:14 . 2008-04-10 08:14 595 --a------ C:\Raccourci vers ComboFix.lnk
    2008-04-06 13:31 . 2008-04-06 13:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-06 02:41 . 2008-04-06 03:04 <REP> d-------- C:\SDFix
    2008-04-04 22:19 . 2008-04-04 22:19 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-04 20:43 . 2008-04-04 20:45 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Program Files\Zylom Games
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\Program Files\Kit ADSL
    2008-03-11 00:48 . 2008-03-11 00:48 <REP> d-------- C:\Program Files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 08:43 --------- d-----w C:\Program Files\eMule
    2008-04-09 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-06 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 12:28 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-05 10:50 --------- d-----w C:\Program Files\Easy Internet signup
    2008-03-23 10:19 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-10 22:49 30,136 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-29 19:32 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-12 18:03 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-12 18:03 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-02-12 18:03 --------- d-----w C:\Program Files\Phototool
    2008-02-12 18:03 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2008-02-12 18:03 --------- d-----w C:\Program Files\DivX
    2008-02-11 08:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-05-01 15:56 56 --sh--r C:\WINDOWS\system32\646CD25BD6.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-09_14.23.00.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
    + 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
    + 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
    + 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
    + 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
    + 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
    + 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
    + 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
    + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
    + 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
    + 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
    + 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
    + 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
    + 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
    + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
    + 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    + 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
    + 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
    + 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
    + 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
    + 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
    + 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
    + 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
    + 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
    + 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
    + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
    + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
    + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
    + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    - 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-12-07 02:08:32 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-03-01 12:58:06 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2006-06-26 17:41:32 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    + 2008-02-20 05:35:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    - 2004-08-05 10:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    + 2008-02-20 05:35:05 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    - 2007-12-19 22:53:23 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-12-07 02:08:32 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-12-07 02:08:32 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-06-19 13:32:25 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    + 2008-02-20 06:51:00 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    - 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2007-12-06 11:02:31 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-02-29 08:56:41 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-12-07 02:08:32 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-12-07 02:08:32 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2007-12-07 02:08:32 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2007-12-07 02:08:33 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-03-01 12:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2007-12-06 11:03:16 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2008-02-29 08:57:05 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-12-07 02:08:33 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2007-12-08 05:08:36 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-12-07 02:08:34 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-12-07 02:08:34 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-12-07 02:08:34 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-12-07 02:08:34 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-03-01 12:58:10 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
    - 2008-01-11 05:36:55 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-12-07 02:08:34 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-03-01 12:58:10 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-12-07 02:08:34 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-12-07 02:08:34 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-03-01 12:58:11 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-03-08 15:33:58 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
    + 2008-03-20 08:09:22 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
    - 2007-12-07 02:08:34 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
    - 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-03-11 08:03:40 157,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-04-10 05:36:52 157,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2008-04-09 12:11:46 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-10 07:30:24 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-09 12:11:46 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-10 07:30:24 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-04-09 12:11:46 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-10 07:30:24 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-04-09 12:11:46 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-10 07:30:24 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 22:06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-12 15:42 249896]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:55 185632]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38 241664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-13 22:06:14 124912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 19:57:26 122880]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-06 20:31]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-06 20:31]
    R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 15:56]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d572b430-9b77-11dc-bc20-0060b3b00a94}]
    \Shell\AutoRun\command - K:\autorunner.exe "www.CCE-ADECCO.com"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 06:08:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-05 10:50:38 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 10:48:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    10 Avril 2008 18:09:54

    Re,

    Et maintenant ?
    Reposte un Hijackthis
    10 Avril 2008 19:25:36

    Et voici pour le monsieur!
    merci de suivre ce dossier :) 


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23, on 2008-04-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 9331 bytes
    10 Avril 2008 21:37:54

    C'est mieux ?

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
    Poste le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
    10 Avril 2008 22:29:01

    aucun problème jusqu'au moment où j'ai utilisé clean...
    le message est revenu!

    2008-04-10 a 22:26:02.42

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\ALCXMNTR.EXE FOUND
    C:\WINDOWS\UnGins.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    11 Avril 2008 07:06:36

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées :
    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]


    AIDE : Tuto en images sur MBAM


    Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.
    11 Avril 2008 23:30:06

    voici les rapports

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 615

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 114316
    Temps écoulé: 1 hour(s), 11 minute(s), 19 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 18
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{4a2c9def-83eb-4575-ad6c-2377fefc5122} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{56943d7c-2283-4d73-b2b1-46173b4844b4} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{71c9109d-eb8d-49b9-9211-1cbe8a25a9aa} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{75f32b07-d45f-4d5b-9266-3863c65d5b29} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{84037416-6a70-46e5-9216-cdcc7e2513e7} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{94e14c33-2473-4185-9fa0-3d881bdb5c0b} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{95d963d7-86e3-434e-bff6-fcddea5f9f24} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{9dc10de5-5104-4554-aca0-d9f2d146cd4c} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{a140fe51-3136-4e0d-afda-1313b30adfef} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{b41df4f9-0191-46e6-8107-16634fbc7f3c} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{be1c526e-cccc-449c-a9cb-691b8c5e2769} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{be465556-f79d-476f-9457-74e49f8f400a} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{d8dfa789-47d3-4197-b187-23ae2d7dcf6a} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{e0277d0d-43c7-4eca-b8c4-545a2e71485b} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{ea166dbf-eac4-4d33-b48d-a40b8c8fdec1} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{f0ed2f90-de03-46ad-97c1-709e5a49422c} (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{40331b9f-75e5-4e1e-b511-5aa6638b9ade} (Trojan.Zlob) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Solution (Trojan.Zlob) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)


    et le suivant

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 2008-04-11 a 23:22:20.82

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
    tentative de suppression de C:\WINDOWS\UnGins.exe

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    voilà
    12 Avril 2008 09:43:32

    ben... ça s'en va et ça revient!!!

    le message est réapparu ce matin!
    12 Avril 2008 09:59:17

    Tu as supprimé la sélection avec MBAM ?

    Repasse Combofix, poste moi son rapport.
    13 Avril 2008 22:31:25

    j'ai supprimé la sélection mbam.
    voici le rapport.
    merci de ton acharnement :-)


    ComboFix 08-04-08.10 - HP_Propriétaire 2008-04-13 22:25:22.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.235 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\Macrogaming
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_Audibles.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\lastuse_SpecialFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\choune_87@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jui6jui@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jui6jui@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mhammonn@hotmail.com\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mhammonn@hotmail.com\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\shu_ki@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\shu_ki@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030049.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004001F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040067.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600D4.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000600D7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060134.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030046.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\WINDOWS\system32\uouewf.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-11 22:04 . 2008-04-11 22:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-11 22:04 . 2008-04-11 22:04 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-04-11 22:04 . 2008-04-11 22:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-10 22:26 . 2008-04-10 22:26 16,819,901 --a------ C:\upload_moi_NOM-B0A1C0A3909.tar.gz
    2008-04-10 08:14 . 2008-04-10 08:14 595 --a------ C:\Raccourci vers ComboFix.lnk
    2008-04-06 13:31 . 2008-04-06 13:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-06 02:41 . 2008-04-06 03:04 <REP> d-------- C:\SDFix
    2008-04-04 22:19 . 2008-04-04 22:19 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-04 20:43 . 2008-04-04 20:45 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Program Files\Zylom Games
    2008-03-31 18:50 . 2008-03-31 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
    2008-03-22 10:04 . 2008-03-22 10:04 <REP> d-------- C:\Program Files\Kit ADSL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-10 15:59 --------- d-----w C:\Program Files\eMule
    2008-04-06 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 12:28 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-05 10:50 --------- d-----w C:\Program Files\Easy Internet signup
    2008-03-23 10:19 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-10 22:49 30,136 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-10 22:48 --------- d-----w C:\Program Files\MSECache
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-29 19:32 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-03-15 18:50 4,096 ----a-w C:\Documents and Settings\HP_Propriétaire\log.dat
    2006-05-01 15:56 56 --sh--r C:\WINDOWS\system32\646CD25BD6.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-10_10.49.21.32 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-10 07:30:24 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-13 17:56:56 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-10 07:30:24 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-04-13 17:56:56 64,484 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-04-10 07:30:24 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-13 17:56:56 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-04-10 07:30:24 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-04-13 17:56:56 446,566 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2005-11-15 20:21 1204224]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 22:06 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43 659456]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
    "AlcxMonitor"="ALCXMNTR.EXE" []
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-12 15:42 249896]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:55 185632]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38 241664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-13 22:06:14 124912]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 19:57:26 122880]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP"= 139:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet,172.16.255.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-06 20:31]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-06 20:31]
    R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 15:56]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d572b430-9b77-11dc-bc20-0060b3b00a94}]
    \Shell\AutoRun\command - K:\autorunner.exe "www.CCE-ADECCO.com"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 06:08:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-05 10:50:38 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 22:27:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-13 22:28:57
    ComboFix-quarantined-files.txt 2008-04-13 20:28:04
    ComboFix2.txt 2008-04-09 19:39:05
    ComboFix3.txt 2008-04-09 12:23:32
    Pre-Run: 106,237,857,792 octets libres
    Post-Run: 106,226,663,424 octets libres
    .
    2008-04-09 20:50:25 --- E O F ---
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS