Your question

hi everyone, small infection in the works, in real need of a helping

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
30 March 2008 15:34:56

For some time now my computer has not been working properly. I think it is infected but I don't know much about this.. I'm posting my HijackThis report; thanks in advance for your help, which would be really valuable to me!!


30 March 2008 15:38:17

So here is my HijackThis report (happy reading, everyone!) and thanks in advance..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10020 bytes
30 March 2008 16:01:33

Re,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 4 and confirm.

It will ask you to enter the file name. Type what is in bold below and nothing else, then confirm:
**efotaqm**
Retype the file name when asked.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save your open personal documents**
Now press a key, as asked.
(if your PC does not restart automatically, do it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.

Post the report you saved earlier (C:\cleannavi.txt)
along with a new HijackThis report.

Close Internet Explorer, then go to Start/Control Panel/Internet Options.
Choose the Content tab, then the Certificates tab.
Check whether you find the following programs (especially under Trusted Publishers):

Montorgueil
VIP


If you find them, do this:
* Select each of these certificates and click Export. Save it/them to your desktop.
* Then delete the ones present in the "Certificates" tab of your browser's options.

Then, for each certificate on your desktop:
* Go to the website:
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copy/paste this into the 'Link to Topic' box:
the name of the certificate (Montorgueil, ......)
* Copy/paste this into the 'Browse to the File' box:
the corresponding certificate that you exported to your desktop

Once that is done, delete the certificate from your desktop.
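The helper above picked `efotaqm` out of the HijackThis log by eye: a Run entry pointing at a randomly named executable dropped straight into `AppData\Local`, next to similar entries under bare subfolders of `C:\ProgramData`. That triage can be automated. The script below is an added example written for this thread (it is not code from the forum, from HijackThis or from Navilog); it parses O4 lines copied from the posted log and flags entries that match the location-plus-name pattern. The heuristics, function names and the `RANDOM_NAME` threshold are my own assumptions.

```python
"""Flag HijackThis O4 (autorun) lines that look like Navipromo-style droppers.
Added example for this thread; not code from the forum, HijackThis or Navilog."""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First .exe token of the command line, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)
# Assumed threshold: an all-lowercase blob of 6-10 letters, as in lygllklm / efotaqm.
RANDOM_NAME = re.compile(r"^[a-z]{6,10}$")


@dataclass
class Finding:
    name: str                 # Run value name, e.g. "efotaqm"
    path: str                 # executable the value launches
    reasons: list = field(default_factory=list)


def parse_o4_lines(text):
    """Yield (hive, value name, executable path) for every O4 Run line."""
    for line in text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        pm = EXE_PATH.match(m.group("cmd"))
        path = pm.group("path") if pm else m.group("cmd")
        yield m.group("hive"), m.group("name"), path


def suspicious_reasons(name, path):
    """Return why an autorun looks like a dropper; empty list means 'nothing to say'."""
    parts = path.split("\\")
    low = [p.lower() for p in parts]
    reasons = []
    # Location: <random>\<random>.exe directly under C:\ProgramData ...
    if len(low) == 4 and low[:2] == ["c:", "programdata"]:
        reasons.append("executable in a bare subfolder of C:\\ProgramData")
    # ... or an .exe dropped straight into the user's AppData\Local root.
    if len(low) >= 3 and low[-3:-1] == ["appdata", "local"]:
        reasons.append("executable directly under AppData\\Local")
    if not reasons:
        return reasons  # location is the necessary condition; names alone are too noisy
    stem = parts[-1].rsplit(".", 1)[0]
    folder = parts[-2] if len(parts) >= 2 else ""
    if RANDOM_NAME.match(stem) or RANDOM_NAME.match(folder):
        reasons.append("random-looking lowercase folder/file name")
    if name in (stem, folder):
        reasons.append("Run value name reuses that folder/file name")
    return reasons


def flag_autoruns(text):
    """Parse a HijackThis log and return the Run entries worth a closer look."""
    findings = []
    for _hive, name, path in parse_o4_lines(text):
        reasons = suspicious_reasons(name, path)
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in flag_autoruns(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}\n    " + "\n    ".join(f.reasons))
```

Run against the sample it reports exactly the four entries the helper's reply targets and leaves the vendor-installed ones (Defender, Symantec, Sidebar, the bare `RtHDVCpl.exe`) alone. The location test is deliberately the gate: a lowercase name like `sidebar.exe` is common for legitimate software, so the name and the value-name reuse only add weight once the executable already sits somewhere an installer would not normally put it.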
30 March 2008 16:35:48

uh, small problem
I can download navilog.exe but can't run it.. the window closes right away and Windows doesn't recognise it..
30 March 2008 18:09:12

so,
I've managed to start navilog now
I choose the language, all fine..
and then:

"erreur en entrée: impossible de trouver le fichier script c:/getpaths.vbs"
Setpaths.bat n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de comandes.
impossible de trouver C:/setpaths.bat

help!!!
I don't understand any of it!
30 March 2008 18:22:50

now I really don't get it!
navilog worked after trying again..

here is the Notepad report:



Clean Navipromo version 3.5.2 commencé le 30/03/2008 à 18:13:33,08

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "chrisama"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS


Mode suppression par méthode manuelle

Nom du fichier saisi : efotaqm

*** Recherche, création sauvegardes et suppression ***

* Suppression dans C:\Windows\system32 *

* Suppression dans C:\Users\chrisama\AppData\Local\Microsoft *

* Suppression dans C:\Users\chrisama\AppData\Local *

efotaqm.exe trouvé !
Copie efotaqm.exe réalisée avec succès !
efotaqm.exe supprimé !

efotaqm.dat trouvé !
Copie efotaqm.dat réalisée avec succès !
efotaqm.dat supprimé !

efotaqm_nav.dat trouvé !
Copie efotaqm_nav.dat réalisée avec succès !
efotaqm_nav.dat supprimé !

efotaqm_navps.dat trouvé !
Copie efotaqm_navps.dat réalisée avec succès !
efotaqm_navps.dat supprimé !


*** Suppression dossiers dans C:\Windows ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\ProgramData ***


*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***


*** Suppression dossiers dans c:\users\chrisama\appdata\roaming\microsoft\windows\start menu\programs ***


*** Suppression dossiers dans C:\Users\chrisama\AppData\Local\virtualstore\Program Files ***

...\InternetGameBox ...suppression...
...\InternetGameBox supprimé !


*** Suppression dossiers dans C:\Users\chrisama\AppData\Roaming ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\chrisama\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\Windows\system32 *


* Dans C:\Users\chrisama\AppData\Local\Microsoft *


* Dans C:\Users\chrisama\AppData\Local *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 30/03/2008 à 18:17:46,66 ***



the HijackThis report is on its way..
30 March 2008 18:34:46

and here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10020 bytes

and no sign of VIP or Montorgueil in the certificates
31 March 2008 17:53:21

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two cases are possible:
    -- if the program found nothing, click OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial
1 April 2008 19:29:23

re

here is the Malwarebytes report:
do you need a HijackThis report?

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 578

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 116295
Temps écoulé: 16 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
1 April 2008 20:51:57

Repost a HijackThis report.
1 April 2008 22:06:55

re..re..re..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:00, on 30/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\lygllklm\bazqzenq.exe
C:\ProgramData\bifiteha\zyxefovs.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\chrisama\AppData\Local\efotaqm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
    O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
    O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
    O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: .protected
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 10020 bytes
    happy reading and thanks again
    1 April 2008 22:21:53

    Re,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan has completed, a report will appear. Post that report in your next reply.
    1 April 2008 23:10:20

    I think I messed up a bit, I don't know what it's going to give ...

    anyway, here's the report .... thanks


    ComboFix 08-04-01.2 - chrisama 2008-04-01 22:49:47.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1289 [GMT 2:00]
    Endroit: C:\Users\chrisama\Desktop\ComboFix.exe
    .
    TimedOut: Windir.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-01 20:48 . 2008-04-01 22:19 <REP> d-------- C:\Users\All Users\Google Updater
    2008-04-01 20:48 . 2008-04-01 22:19 <REP> d-------- C:\ProgramData\Google Updater
    2008-04-01 20:35 . 2008-04-01 20:35 <REP> d-------- C:\Program Files\Picasa2
    2008-04-01 20:35 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
    2008-04-01 20:35 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
    2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-04-01 18:54 . 2008-04-01 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-01 01:21 . 2008-04-01 01:21 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2008-04-01 00:31 . 2008-04-01 20:09 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-01 00:31 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
    2008-04-01 00:31 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-04-01 00:31 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-04-01 00:31 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-01 00:31 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-04-01 00:31 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-04-01 00:31 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-04-01 00:31 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-03-30 18:02 . 2008-03-30 18:17 <REP> d-------- C:\Program Files\Navilog1
    2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\Users\All Users\Avira
    2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\ProgramData\Avira
    2008-03-30 15:29 . 2008-04-01 20:06 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\Users\All Users\pkhbvwkb
    2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\ProgramData\pkhbvwkb
    2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\ProgramData\Apple Computer
    2008-03-29 03:36 . 2008-03-29 03:37 <REP> d-------- C:\Program Files\QuickTime
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Users\All Users\Apple
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\ProgramData\Apple
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Program Files\Apple Software Update
    2008-03-29 00:08 . 2008-03-29 00:08 319,456 --a------ C:\Windows\DIFxAPI.dll
    2008-03-27 02:14 . 2008-03-27 02:14 <REP> d-------- C:\Program Files\Common Files\xing shared
    2008-03-27 02:12 . 2008-03-27 02:12 3,431 --a------ C:\Windows\mozver.dat
    2008-03-26 17:02 . 2008-03-30 18:38 <REP> d-------- C:\Users\All Users\uimanjpk
    2008-03-26 17:02 . 2008-03-30 18:38 <REP> d-------- C:\ProgramData\uimanjpk
    2008-03-26 16:17 . 2008-03-26 16:17 945 --a------ C:\Windows\wininit.ini
    2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-03-26 15:48 . 2008-03-26 15:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-26 15:34 . 2008-03-26 16:18 131,072 --a------ C:\Windows\SPInstall.etl
    2008-03-26 14:51 . 2008-03-26 14:51 <REP> d-------- C:\Windows\WLTB Custom Button Feeds
    2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\Users\All Users\lygllklm
    2008-03-25 12:25 . 2008-03-30 16:47 <REP> d-------- C:\Users\All Users\bifiteha
    2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\ProgramData\lygllklm
    2008-03-25 12:25 . 2008-03-30 16:47 <REP> d-------- C:\ProgramData\bifiteha
    2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\Users\All Users\TEMP
    2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\ProgramData\TEMP
    2008-03-25 01:40 . 2008-03-25 01:40 <REP> d-------- C:\Users\All Users\Mozilla
    2008-03-20 21:03 . 2008-03-20 21:03 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-03-19 18:52 . 2008-03-29 00:25 <REP> d-------- C:\PerfLogs
    2008-03-19 18:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-03-19 18:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-03-19 18:25 . 2008-01-19 09:44 986,680 --a------ C:\Windows\System32\winload.exe
    2008-03-19 18:23 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-03-19 18:22 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-03-19 18:21 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-03-19 18:21 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-03-19 18:21 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-03-19 18:21 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-03-19 18:21 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-03-19 18:21 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-03-19 18:21 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-03-19 18:21 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-03-19 18:21 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-03-11 21:05 . 2008-03-11 21:06 <REP> d-------- C:\Program Files\Java
    2008-03-11 21:05 . 2008-03-11 21:05 <REP> d-------- C:\Program Files\Common Files\Java
    2008-03-11 01:51 . 2008-03-06 22:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-03-11 01:51 . 2008-03-06 22:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-03-11 01:51 . 2008-03-06 22:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-03-08 22:35 . 2008-03-26 09:02 <REP> d-------- C:\Users\All Users\Google
    2008-03-08 22:34 . 2008-03-08 22:34 <REP> d-------- C:\Program Files\Real
    2008-03-08 22:34 . 2008-04-01 20:50 <REP> d-------- C:\Program Files\Google
    2008-03-08 22:34 . 2008-03-27 02:13 <REP> d-------- C:\Program Files\Common Files\Real
    2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\Users\All Users\Downloaded Installations
    2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\ProgramData\Downloaded Installations
    2008-03-06 22:56 . 2008-03-06 22:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-06 10:35 . 2008-03-06 10:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-03-05 18:53 . 2008-03-24 12:43 <REP> d----c--- C:\Windows\System32\DRVSTORE
    2008-03-05 18:52 . 2006-11-29 14:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
    2008-03-05 18:51 . 2008-03-20 21:03 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-03-05 18:39 . 2008-03-20 20:57 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-03-05 18:39 . 2008-03-20 20:57 <REP> d-------- C:\ProgramData\WLInstaller
    2008-03-05 18:39 . 2008-03-24 12:43 <REP> d-------- C:\Program Files\Windows Live
    2008-03-05 18:39 . 2008-03-18 15:12 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Users\All Users\fsc-reg
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\ProgramData\fsc-reg
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Program Files\MB application
    2008-03-04 19:50 . 2008-03-04 19:50 <REP> d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-03-04 19:48 . 2008-03-08 22:49 <REP> dr------- C:\Users\chrisama\Videos
    2008-03-04 19:48 . 2008-03-04 19:48 <REP> dr------- C:\Users\chrisama\Searches
    2008-03-04 19:48 . 2008-03-04 19:56 <REP> dr------- C:\Users\chrisama\Saved Games
    2008-03-04 19:48 . 2008-04-01 20:13 <REP> dr------- C:\Users\chrisama\Pictures
    2008-03-04 19:48 . 2008-03-24 23:02 <REP> dr------- C:\Users\chrisama\Music
    2008-03-04 19:48 . 2008-03-04 19:48 <REP> dr------- C:\Users\chrisama\Links
    2008-03-04 19:48 . 2008-04-01 20:15 <REP> dr------- C:\Users\chrisama\Downloads
    2008-03-04 19:48 . 2008-04-01 21:12 <REP> dr------- C:\Users\chrisama\Documents
    2008-03-04 19:48 . 2008-03-20 17:22 <REP> dr------- C:\Users\chrisama\Contacts
    2008-03-04 19:48 . 2008-03-04 19:48 <REP> d--h----- C:\Users\chrisama\AppData

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-30 15:11 --------- d-----w C:\ProgramData\Symantec
    2008-03-30 15:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-19 17:02 174 --sha-w C:\Program Files\desktop.ini
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Mail
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Journal
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Defender
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Collaboration
    2008-03-19 16:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-19 16:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-12 14:51 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Modèles
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Favoris
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Bureau
    2008-03-04 17:44 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-02-23 02:38 43,872 ------w C:\Windows\system32\drivers\pxhelp20.sys
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
    2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
    2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
    2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
    2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
    2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
    2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
    2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
    2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
    2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
    2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
    2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
    2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
    2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
    2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
    2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
    2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
    2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
    2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
    2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
    2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
    2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
    2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
    2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
    2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
    2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
    2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
    2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
    2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
    2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
    2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
    2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
    2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
    2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
    2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
    2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
    2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
    2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
    2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
    2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
    2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
    2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
    2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
    2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
    2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
    2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
    2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
    2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
    2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
    2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
    2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
    2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
    2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
    2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
    2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
    2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
    2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
    2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
    2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
    2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
    2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
    2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
    2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
    2008-01-05 11:21 12,198 ----a-w C:\Windows\System32\gatherWiredInfo.vbs
    2008-01-05 11:21 11,776 ----a-w C:\Windows\System32\icardres.dll
    2008-01-05 11:21 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-01_22.39.49.84 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-01 19:46:35 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-01 20:42:32 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-04-01 19:54:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-01 20:44:04 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-01 17:40:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-04-01 20:43:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-04-01 20:43:32 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-01 20:36:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-01 20:49:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-01 17:40:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-04-01 20:43:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-04-01 20:43:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-04-01 20:19:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-01 20:45:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-01 20:19:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-01 20:45:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-01 20:19:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-01 20:45:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-01 19:49:55 101,250 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-01 20:47:03 101,250 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-01 19:49:55 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-01 20:47:03 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-01 19:49:55 587,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-01 20:47:03 587,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-01 19:49:55 669,578 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-01 20:47:03 669,578 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-01 17:41:20 9,742 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
    + 2008-04-01 20:44:22 9,766 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
    - 2008-04-01 17:41:20 73,274 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-01 20:44:22 73,440 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-04-01 17:41:18 44,116 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-01 20:44:21 44,718 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MBPlayer"="C:\Program Files\MB application\MBPlayer.exe" [2006-12-19 16:32 48640]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "Je07uun31y"="C:\ProgramData\bifiteha\zyxefovs.exe" [ ]
    "CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 09:33 192000]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
    "uimanjpk"="C:\ProgramData\uimanjpk\kruxolcp.exe" [ ]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "OSD"="C:\Program Files\C&E\OSD\osd.exe" [2007-07-10 18:29 557056]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
    "recinfo227"="c:\RecInfo\RecInfo.exe" [2007-09-14 14:53 2768896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 02:13 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 20:48:29 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{8EDC0976-A8DD-4A27-AB90-94576D26EAAA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F9C2233C-5E57-419B-8145-F15E94C0DA81}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{60289FB4-1AE7-4C8D-AA51-9C0DE1C1DFAE}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
    "{5BCEDDEC-846A-4613-B413-7CC3A67D6B79}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{724A0F51-6057-4659-8DDB-34538D52EF53}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F08475B1-D207-4305-971A-341924B0C42F}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C416B0BF-E128-4467-AD72-E2624A913971}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{24266AB6-E61F-495D-85BD-D1EB7666D9F2}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DE8072D9-5CA3-468C-A377-A486C8993257}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D07BFF1A-E31C-4DCE-9FAF-02021A353F87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E8F61A44-4316-4F58-8F23-8874FF472390}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9344DBD9-264D-4DB2-9B46-B4B66A8EBE0F}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{78E394E4-ECDC-4DE0-9ED8-F9A06957A1AA}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0C41C101-C5CB-4BFB-BDB0-701CEC9A6A63}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DB1AFE60-C43C-4CA5-83F5-2895BA6BC4BF}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{988CA820-A521-43E1-ABB7-EBA6D1F32AED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BFB507FC-A936-4215-BB78-93379176CC55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{68FB2283-B44B-41FF-A018-B56ECCEBACAF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2B286345-8171-49BE-831A-A20EDB41689A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C1CDB8B1-19AE-4C48-A5B9-CCC09AD8B792}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{87435F6C-E5AF-439C-8896-F46A5954BE52}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 19:29]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
    S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-01 17:28:27 C:\Windows\Tasks\User_Feed_Synchronization-{FEBC6F36-1544-48B2-A6AD-1719527A11DC}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-20 19:03:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 22:52:52
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-01 22:53:44
    ComboFix-quarantined-files.txt 2008-04-01 20:53:40
    ComboFix2.txt 2008-04-01 20:40:10
    Pre-Run: 115,626,831,872 octets libres
    Post-Run: 115,596,390,400 octets libres
    .
    2008-03-28 09:35:59 --- E O F ---
    2 April 2008 00:20:33

    Oops... I just had a look around the forum and read there that one must write in proper French and avoid text-message spelling... but I also read many other very interesting things there... From now on I will pay attention both to my spelling and to what I do with a computer. Well done for what you do (even though I know nothing about it). See you soon... I hope...
    2 April 2008 13:27:15

    Re,

    Disable your resident protections (antivirus, etc.)!
    Copy (Ctrl+C) the text shown in the box below:

    File::
    C:\Windows\system32\p2phost.exe

    Folder::
    C:\ProgramData\bifiteha
    C:\ProgramData\uimanjpk
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Je07uun31y"=-
    "CollaborationHost"=-
    "SpybotSD TeaTimer"=-
    "uimanjpk"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    6 April 2008 18:16:09

    Here is the Combofix report.

    The HijackThis report is coming.


    ComboFix 08-04-04.1 - chrisama 2008-04-06 18:01:07.5 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1220 [GMT 2:00]
    Endroit: C:\Users\chrisama\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .
    TimedOut: Windir.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\ProgramData\bifiteha
    C:\ProgramData\uimanjpk
    C:\Windows\system32\p2phost.exe . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 14:15 . 2008-04-06 14:15 <REP> d-------- C:\Program Files\MSECache
    2008-04-02 12:52 . 2008-04-02 12:52 <REP> d-------- C:\Program Files\Picasa2
    2008-04-02 12:52 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
    2008-04-02 12:52 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
    2008-04-01 20:48 . 2008-04-06 17:57 <REP> d-------- C:\Users\All Users\Google Updater
    2008-04-01 20:48 . 2008-04-06 17:57 <REP> d-------- C:\ProgramData\Google Updater
    2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-04-01 18:55 . 2008-04-01 18:55 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-04-01 18:54 . 2008-04-01 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-01 01:21 . 2008-04-01 01:21 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2008-04-01 00:31 . 2008-04-01 20:09 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-01 00:31 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
    2008-04-01 00:31 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
    2008-04-01 00:31 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
    2008-04-01 00:31 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-01 00:31 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-04-01 00:31 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
    2008-04-01 00:31 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
    2008-04-01 00:31 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-03-30 18:02 . 2008-03-30 18:17 <REP> d-------- C:\Program Files\Navilog1
    2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\Users\All Users\Avira
    2008-03-30 16:24 . 2008-04-01 00:28 <REP> d-------- C:\ProgramData\Avira
    2008-03-30 15:29 . 2008-04-01 20:06 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\Users\All Users\pkhbvwkb
    2008-03-29 12:54 . 2008-03-30 18:51 <REP> d-------- C:\ProgramData\pkhbvwkb
    2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-03-29 03:36 . 2008-03-29 03:36 <REP> d-------- C:\ProgramData\Apple Computer
    2008-03-29 03:36 . 2008-03-29 03:37 <REP> d-------- C:\Program Files\QuickTime
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Users\All Users\Apple
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\ProgramData\Apple
    2008-03-29 03:35 . 2008-03-29 03:35 <REP> d-------- C:\Program Files\Apple Software Update
    2008-03-29 00:08 . 2008-03-29 00:08 319,456 --a------ C:\Windows\DIFxAPI.dll
    2008-03-27 02:14 . 2008-03-27 02:14 <REP> d-------- C:\Program Files\Common Files\xing shared
    2008-03-27 02:12 . 2008-03-27 02:12 3,431 --a------ C:\Windows\mozver.dat
    2008-03-26 16:17 . 2008-03-26 16:17 945 --a------ C:\Windows\wininit.ini
    2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-03-26 15:48 . 2008-03-26 16:07 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-03-26 15:48 . 2008-03-26 15:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-26 15:34 . 2008-03-26 16:18 131,072 --a------ C:\Windows\SPInstall.etl
    2008-03-26 14:51 . 2008-03-26 14:51 <REP> d-------- C:\Windows\WLTB Custom Button Feeds
    2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\Users\All Users\lygllklm
    2008-03-25 12:25 . 2008-03-30 18:37 <REP> d-------- C:\ProgramData\lygllklm
    2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\Users\All Users\TEMP
    2008-03-25 01:57 . 2008-03-25 10:47 <REP> d-a------ C:\ProgramData\TEMP
    2008-03-25 01:40 . 2008-03-25 01:40 <REP> d-------- C:\Users\All Users\Mozilla
    2008-03-20 21:03 . 2008-03-20 21:03 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-03-19 18:52 . 2008-03-29 00:25 <REP> d-------- C:\PerfLogs
    2008-03-19 18:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-03-19 18:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-03-19 18:25 . 2008-01-19 09:44 986,680 --a------ C:\Windows\System32\winload.exe
    2008-03-19 18:23 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-03-19 18:22 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-03-19 18:21 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-03-19 18:21 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-03-19 18:21 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-03-19 18:21 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-03-19 18:21 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-03-19 18:21 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-03-19 18:21 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-03-19 18:21 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-03-19 18:21 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
    2008-03-11 21:05 . 2008-03-11 21:06 <REP> d-------- C:\Program Files\Java
    2008-03-11 21:05 . 2008-03-11 21:05 <REP> d-------- C:\Program Files\Common Files\Java
    2008-03-11 01:51 . 2008-03-06 22:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-03-11 01:51 . 2008-03-06 22:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-03-11 01:51 . 2008-03-06 22:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-03-08 22:35 . 2008-03-26 09:02 <REP> d-------- C:\Users\All Users\Google
    2008-03-08 22:34 . 2008-03-08 22:34 <REP> d-------- C:\Program Files\Real
    2008-03-08 22:34 . 2008-04-01 20:50 <REP> d-------- C:\Program Files\Google
    2008-03-08 22:34 . 2008-03-27 02:13 <REP> d-------- C:\Program Files\Common Files\Real
    2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\Users\All Users\Downloaded Installations
    2008-03-07 15:43 . 2008-03-07 15:43 <REP> d-------- C:\ProgramData\Downloaded Installations
    2008-03-06 22:56 . 2008-03-06 22:56 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-06 10:35 . 2008-03-06 10:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 15:37 192,000 ----a-w C:\Windows\System32\p2phost.exe
    2008-04-06 13:19 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-04 16:49 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-30 15:11 --------- d-----w C:\ProgramData\Symantec
    2008-03-30 15:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-24 10:43 --------- d-----w C:\Program Files\Windows Live
    2008-03-20 19:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-03-19 17:02 174 --sha-w C:\Program Files\desktop.ini
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Mail
    2008-03-19 16:54 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Journal
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Defender
    2008-03-19 16:53 --------- d-----w C:\Program Files\Windows Collaboration
    2008-03-19 16:35 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-19 16:35 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-18 13:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 17:50 --------- d-----w C:\ProgramData\fsc-reg
    2008-03-04 17:50 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-03-04 17:50 --------- d-----w C:\Program Files\MB application
    2008-03-04 17:50 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Modèles
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Favoris
    2008-03-04 17:44 --------- d-sh--w C:\ProgramData\Bureau
    2008-03-04 17:44 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-02-23 02:38 43,872 ------w C:\Windows\system32\drivers\pxhelp20.sys
    2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
    2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
    2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
    2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
    2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
    2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
    2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
    2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
    2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
    2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
    2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
    2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
    2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
    2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
    2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
    2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
    2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
    2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
    2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
    2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
    2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
    2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
    2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
    2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
    2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
    2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
    2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
    2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
    2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
    2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
    2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
    2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
    2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
    2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
    2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
    2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
    2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
    2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
    2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
    2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
    2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
    2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
    2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
    2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
    2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
    2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
    2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
    2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
    2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
    2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
    2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
    2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
    2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
    2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-06_17.42.12.42 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-06 15:39:19 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-04-06 15:45:31 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2000-08-31 06:00:00 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2000-08-31 06:00:00 73,728 ----a-w C:\Windows\fdsv.exe
    + 2000-08-31 06:00:00 80,412 ----a-w C:\Windows\grep.exe
    + 2000-08-31 06:00:00 98,816 ----a-w C:\Windows\sed.exe
    - 2008-04-06 15:05:10 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-06 16:00:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-06 15:39:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-04-06 15:46:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-04-06 15:46:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-04-06 15:34:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2008-04-06 16:00:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2008-04-06 15:39:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-04-06 15:46:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-04-06 15:46:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2000-08-31 06:00:00 161,792 ----a-w C:\Windows\swreg.exe
    + 2000-08-31 06:00:00 136,704 ----a-w C:\Windows\swsc.exe
    + 2000-08-31 06:00:00 212,480 ----a-w C:\Windows\swxcacls.exe
    - 2008-04-06 12:50:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-04-06 15:57:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-06 12:50:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-06 15:57:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-06 12:50:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-04-06 15:57:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-04-01 20:27:33 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-04-06 16:01:03 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-04-06 16:01:03 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-04-06 12:54:37 101,250 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-04-06 15:50:26 101,250 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-04-06 12:54:37 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-04-06 15:50:26 123,556 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-04-06 12:54:37 587,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-04-06 15:50:26 587,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-04-06 12:54:37 669,578 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-04-06 15:50:26 669,578 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-04-06 12:51:56 9,934 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
    + 2008-04-06 15:47:19 10,220 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3212120266-2321494857-432322071-1000_UserData.bin
    - 2008-04-06 12:51:56 73,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-06 15:47:19 74,120 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-04-06 15:44:50 3,106 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-04-06 12:51:54 45,394 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-04-06 15:47:19 45,678 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2000-08-31 06:00:00 49,152 ----a-w C:\Windows\VFind.exe
    + 2000-08-31 06:00:00 68,096 ----a-w C:\Windows\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 17:10 4468736 C:\Windows\RtHDVCpl.exe]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]
    "OSD"="C:\Program Files\C&E\OSD\osd.exe" [2007-07-10 18:29 557056]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
    "recinfo227"="c:\RecInfo\RecInfo.exe" [2007-09-14 14:53 2768896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Skytel"="Skytel.exe" [2007-05-07 18:51 1826816 C:\Windows\SkyTel.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 02:13 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 20:48:29 124400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo8"= VfWWDM32.dll
    "msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{8EDC0976-A8DD-4A27-AB90-94576D26EAAA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F9C2233C-5E57-419B-8145-F15E94C0DA81}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{60289FB4-1AE7-4C8D-AA51-9C0DE1C1DFAE}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
    "{5BCEDDEC-846A-4613-B413-7CC3A67D6B79}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{724A0F51-6057-4659-8DDB-34538D52EF53}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F08475B1-D207-4305-971A-341924B0C42F}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C416B0BF-E128-4467-AD72-E2624A913971}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{24266AB6-E61F-495D-85BD-D1EB7666D9F2}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DE8072D9-5CA3-468C-A377-A486C8993257}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D07BFF1A-E31C-4DCE-9FAF-02021A353F87}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E8F61A44-4316-4F58-8F23-8874FF472390}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9344DBD9-264D-4DB2-9B46-B4B66A8EBE0F}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{78E394E4-ECDC-4DE0-9ED8-F9A06957A1AA}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0C41C101-C5CB-4BFB-BDB0-701CEC9A6A63}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DB1AFE60-C43C-4CA5-83F5-2895BA6BC4BF}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{988CA820-A521-43E1-ABB7-EBA6D1F32AED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BFB507FC-A936-4215-BB78-93379176CC55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{68FB2283-B44B-41FF-A018-B56ECCEBACAF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2B286345-8171-49BE-831A-A20EDB41689A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C1CDB8B1-19AE-4C48-A5B9-CCC09AD8B792}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{87435F6C-E5AF-439C-8896-F46A5954BE52}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 19:29]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 05:57]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
    S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-05 16:21:30 C:\Windows\Tasks\User_Feed_Synchronization-{FEBC6F36-1544-48B2-A6AD-1719527A11DC}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-03-20 19:03:25 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 18:03:29
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-06 18:04:16
    ComboFix-quarantined-files.txt 2008-04-06 16:04:11
    ComboFix2.txt 2008-04-01 20:53:45
    ComboFix3.txt 2008-04-01 20:40:10
    Pre-Run: 114,116,591,616 octets libres
    Post-Run: 114,084,831,232 octets libres
    .
    2008-04-06 11:36:37 --- E O F ---
    6 Avril 2008 18:17:34

    and here is the HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:30:00, on 30/03/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\C&E\OSD\osd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\ProgramData\lygllklm\bazqzenq.exe
    C:\ProgramData\bifiteha\zyxefovs.exe
    C:\Windows\System32\p2phost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\chrisama\AppData\Local\efotaqm.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [recinfo227] c:\RecInfo\RecInfo.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [MBPlayer] "C:\Program Files\MB application\MBPlayer.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [lygllklm] C:\ProgramData\lygllklm\bazqzenq.exe
    O4 - HKCU\..\Run: [Je07uun31y] C:\ProgramData\bifiteha\zyxefovs.exe
    O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [uimanjpk] C:\ProgramData\uimanjpk\kruxolcp.exe
    O4 - HKCU\..\Run: [efotaqm] c:\users\chrisama\appdata\local\efotaqm.exe efotaqm
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: .protected
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 10020 bytes
    6 Avril 2008 19:44:22

    You didn't do what I told you there...
    6 Avril 2008 21:19:39

    re... I thought I had done everything right! What did I miss, please?

    thanks
    6 Avril 2008 22:09:08

    You didn't run the CFScript as instructed.