Salut,

c´est une bonne maniere d´apprendre quelque chose, vu que tu n´y connais rien ;)

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Télécharge maintenant Navilog1 depuis-ce lien :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter

en tant qu'administrateur".

Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Ok bien joué ;)

la suite :

Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaître
Réactive le contrôle des comptes utilisateurs (UAC)

PS:Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Cela te fera apparaître ton bureau

Post le rapport stp

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Bonjour :)
Pour poursuivre mon apprentissage ;)

Merci :)

Tatrtigno,

post un nouveau rapport hijack this stp

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Ok

on va faire autrement...

tu connais ce programme ?

c:\RecInfo

puis

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

ComboFix 08-06-16.2 - pc 2008-06-17 14:32:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1286 [GMT 2:00]
Endroit: C:\Users\pc\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DRIVER\TOUCHPAD\ALPS\_desktop.ini
C:\DRIVER\TOUCHPAD\ALPS\Eula\_desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
C:\Users\pc\AppData\Local\xruofj.dat
c:\users\pc\appdata\local\xruofj.exe
C:\Users\pc\AppData\Local\xruofj_navps.dat
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 13:35 . 2008-06-17 14:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 13:09 . 2008-06-17 13:09 <REP> d-------- C:\Users\pc\AppData\Roaming\Lavasoft
2008-06-17 13:08 . 2008-06-17 13:08 <REP> d-------- C:\Users\pc\AppData\Roaming\PC Tools
2008-06-17 13:08 . 2008-06-17 14:12 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-17 13:08 . 2008-06-17 14:12 <REP> d-a------ C:\ProgramData\TEMP
2008-06-17 13:08 . 2008-06-17 13:20 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-17 13:08 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-17 13:08 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-17 13:08 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-17 13:08 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-17 13:07 . 2008-06-17 13:09 <REP> d-------- C:\Program Files\SpywareBlaster
2008-06-17 13:07 . 2008-06-17 13:07 <REP> d-------- C:\Program Files\Lavasoft
2008-06-17 13:07 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\Users\All Users\Prevx
2008-06-17 13:03 . 2008-06-17 13:05 <REP> d-------- C:\Temp
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\ProgramData\Prevx
2008-06-17 12:56 . 2008-06-17 13:30 <REP> d-------- C:\Program Files\Hitman Pro
2008-06-15 15:18 . 2008-06-15 15:18 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-14 18:59 . 2008-04-23 07:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 18:59 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:59 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:59 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:59 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 18:59 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 18:59 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 14:32 . 2008-06-14 14:32 786 --a------ C:\Windows\wininit.ini
2008-06-14 13:40 . 2008-06-17 13:02 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-17 13:02 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-14 13:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 22:14 . 2008-06-12 22:14 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Users\pc\AppData\Roaming\Apple Computer
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iTunes
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iPod
2008-06-12 14:15 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\Bonjour
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\QuickTime
2008-06-12 14:08 . 2008-06-12 14:08 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-05 11:32 . 2008-06-05 11:32 <REP> d-------- C:\Program Files\Alwil Software
2008-06-05 11:32 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\ProgramData\Symantec Temporary Files
2008-06-02 11:49 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 11:49 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\Users\All Users\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\ProgramData\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:28 <REP> d-------- C:\Program Files\ma-config.com
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\Users\All Users\WinZip
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\ProgramData\WinZip
2008-05-29 14:42 . 2008-05-29 14:42 <REP> d-------- C:\Users\pc\AppData\Roaming\SystemRequirementsLab
2008-05-29 14:00 . 2008-05-29 14:00 <REP> d-------- C:\Program Files\Intel
2008-05-29 13:33 . 2008-05-29 14:50 <REP> d-------- C:\NVIDIA
2008-05-29 04:31 . 2008-05-29 04:31 <REP> d-------- C:\fsctmp
2008-05-29 04:13 . 2008-05-29 04:32 <REP> d-------- C:\$fsctmp
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 12:32 --------- d-----w C:\Users\pc\AppData\Roaming\DNA
2008-06-17 12:13 --------- d-----w C:\Users\pc\AppData\Roaming\OpenOffice.org2
2008-06-15 17:31 312 ----a-w C:\Users\pc\AppData\Roaming\wklnhst.dat
2008-06-11 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 16:35 27,050 ----a-w C:\Users\pc\AppData\Roaming\nvModes.dat
2008-06-05 09:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-05 09:23 --------- d-----w C:\ProgramData\Symantec
2008-06-01 19:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-15 07:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 11:06 --------- d-----w C:\Users\pc\AppData\Roaming\Ahead
2008-05-10 16:12 --------- d-----w C:\Program Files\DivX
2008-05-10 16:12 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-04 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 22:20 --------- d-----w C:\Program Files\Google
2008-05-01 22:19 --------- d-----w C:\Users\pc\AppData\Roaming\BitTorrent
2008-05-01 19:22 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-01 19:21 --------- d-----w C:\Program Files\Java
2008-05-01 19:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-01 17:34 --------- d-----w C:\Program Files\DNA
2008-05-01 17:34 --------- d-----w C:\Program Files\BitTorrent
2008-04-29 03:50 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 21:37 --------- d-----w C:\Program Files\Snood 4 Beta
2008-04-21 19:56 --------- d-----w C:\ProgramData\Apple
2008-04-21 19:23 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-21 19:22 --------- d-----w C:\Program Files\Real
2008-04-21 19:22 --------- d-----w C:\Program Files\Common Files\Real
2008-04-15 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-15 22:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-15 22:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-15 22:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-15 22:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-15 22:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-15 22:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-15 22:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-15 22:23 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-15 22:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-15 22:22 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-15 22:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-15 22:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-15 22:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-15 22:15 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-15 18:26 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-15 18:26 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-15 18:26 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-15 18:26 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-15 18:24 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-15 18:24 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-15 18:24 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-15 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-15 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2006-07-01 20:51 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-16 00:21 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-17 13:33 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 20:57 159744]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-03-13 15:01 29696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"recinfo949"="c:\RecInfo\RecInfo.exe" [2007-10-23 14:52 2764800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 21:22 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71C4CC73-B84E-4716-B187-6DBEEC4A401C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2581A0C-10ED-4B4D-83A8-6086698F8345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{911B8E04-8384-4841-8DC8-790AB4A0BAE5}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"TCP Query User{DEF90AD0-6FF5-43C3-A803-62C3D34D7260}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{58B01574-C99A-4753-A749-9D3A3C96537D}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{CEB6FD2B-C374-49E8-85BD-F5D47A02AC1D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F44FAA2-EBBC-4D69-9B0A-901BA63726DC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{20CC182E-CF3E-45C0-B2D8-C2A22D025CFE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4A0A33FA-7F04-4DF9-B459-688BA2C0058C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{532BC6B0-5389-4F7E-885A-CD2D2D776595}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2342EBA1-86CF-40D4-AD39-37111CA42FC5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C8CBC93E-6C5B-4296-8DF8-3D24F67FC1B5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9936E522-4662-495A-BF17-6C4465927D4E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B0798A3-27EB-4FA5-98FB-6645B8739345}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 smscirrx;SMSC CIR Receive;C:\Windows\system32\DRIVERS\smscirrx.sys [2007-02-02 09:51]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-16 16:03:22 C:\Windows\Tasks\User_Feed_Synchronization-{13358AD7-836B-4B75-97B4-D23FF30957F4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:35:04
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-17 14:36:05
ComboFix-quarantined-files.txt 2008-06-17 12:35:56

Pre-Run: 62,072,303,616 octets libres
Post-Run: 63,097,663,488 octets libres

247 --- E O F --- 2008-06-15 01:56:00
ComboFix 08-06-16.2 - pc 2008-06-17 14:32:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1286 [GMT 2:00]
Endroit: C:\Users\pc\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DRIVER\TOUCHPAD\ALPS\_desktop.ini
C:\DRIVER\TOUCHPAD\ALPS\Eula\_desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
C:\Users\pc\AppData\Local\xruofj.dat
c:\users\pc\appdata\local\xruofj.exe
C:\Users\pc\AppData\Local\xruofj_navps.dat
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware-Secure

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 13:35 . 2008-06-17 14:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 13:09 . 2008-06-17 13:09 <REP> d-------- C:\Users\pc\AppData\Roaming\Lavasoft
2008-06-17 13:08 . 2008-06-17 13:08 <REP> d-------- C:\Users\pc\AppData\Roaming\PC Tools
2008-06-17 13:08 . 2008-06-17 14:12 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-17 13:08 . 2008-06-17 14:12 <REP> d-a------ C:\ProgramData\TEMP
2008-06-17 13:08 . 2008-06-17 13:20 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-17 13:08 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-17 13:08 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-17 13:08 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-17 13:08 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-17 13:07 . 2008-06-17 13:09 <REP> d-------- C:\Program Files\SpywareBlaster
2008-06-17 13:07 . 2008-06-17 13:07 <REP> d-------- C:\Program Files\Lavasoft
2008-06-17 13:07 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\Users\All Users\Prevx
2008-06-17 13:03 . 2008-06-17 13:05 <REP> d-------- C:\Temp
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\ProgramData\Prevx
2008-06-17 12:56 . 2008-06-17 13:30 <REP> d-------- C:\Program Files\Hitman Pro
2008-06-15 15:18 . 2008-06-15 15:18 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-14 18:59 . 2008-04-23 07:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 18:59 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:59 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:59 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:59 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 18:59 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 18:59 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 14:32 . 2008-06-14 14:32 786 --a------ C:\Windows\wininit.ini
2008-06-14 13:40 . 2008-06-17 13:02 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-17 13:02 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-14 13:40 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 22:14 . 2008-06-12 22:14 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Users\pc\AppData\Roaming\Apple Computer
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iTunes
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iPod
2008-06-12 14:15 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\Bonjour
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\QuickTime
2008-06-12 14:08 . 2008-06-12 14:08 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-05 11:32 . 2008-06-05 11:32 <REP> d-------- C:\Program Files\Alwil Software
2008-06-05 11:32 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\ProgramData\Symantec Temporary Files
2008-06-02 11:49 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 11:49 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\Users\All Users\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\ProgramData\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:28 <REP> d-------- C:\Program Files\ma-config.com
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\Users\All Users\WinZip
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\ProgramData\WinZip
2008-05-29 14:42 . 2008-05-29 14:42 <REP> d-------- C:\Users\pc\AppData\Roaming\SystemRequirementsLab
2008-05-29 14:00 . 2008-05-29 14:00 <REP> d-------- C:\Program Files\Intel
2008-05-29 13:33 . 2008-05-29 14:50 <REP> d-------- C:\NVIDIA
2008-05-29 04:31 . 2008-05-29 04:31 <REP> d-------- C:\fsctmp
2008-05-29 04:13 . 2008-05-29 04:32 <REP> d-------- C:\$fsctmp
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 12:32 --------- d-----w C:\Users\pc\AppData\Roaming\DNA
2008-06-17 12:13 --------- d-----w C:\Users\pc\AppData\Roaming\OpenOffice.org2
2008-06-15 17:31 312 ----a-w C:\Users\pc\AppData\Roaming\wklnhst.dat
2008-06-11 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 16:35 27,050 ----a-w C:\Users\pc\AppData\Roaming\nvModes.dat
2008-06-05 09:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-05 09:23 --------- d-----w C:\ProgramData\Symantec
2008-06-01 19:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-15 07:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 11:06 --------- d-----w C:\Users\pc\AppData\Roaming\Ahead
2008-05-10 16:12 --------- d-----w C:\Program Files\DivX
2008-05-10 16:12 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-04 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 22:20 --------- d-----w C:\Program Files\Google
2008-05-01 22:19 --------- d-----w C:\Users\pc\AppData\Roaming\BitTorrent
2008-05-01 19:22 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-01 19:21 --------- d-----w C:\Program Files\Java
2008-05-01 19:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-01 17:34 --------- d-----w C:\Program Files\DNA
2008-05-01 17:34 --------- d-----w C:\Program Files\BitTorrent
2008-04-29 03:50 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 21:37 --------- d-----w C:\Program Files\Snood 4 Beta
2008-04-21 19:56 --------- d-----w C:\ProgramData\Apple
2008-04-21 19:23 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-21 19:22 --------- d-----w C:\Program Files\Real
2008-04-21 19:22 --------- d-----w C:\Program Files\Common Files\Real
2008-04-15 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-15 22:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-15 22:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-15 22:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-15 22:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-15 22:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-15 22:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-15 22:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-15 22:23 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-15 22:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-15 22:22 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-15 22:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-15 22:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-15 22:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-15 22:15 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-15 18:26 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-15 18:26 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-15 18:26 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-15 18:26 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-15 18:24 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-15 18:24 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-15 18:24 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-15 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-15 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2006-07-01 20:51 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-16 00:21 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-17 13:33 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 20:57 159744]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-03-13 15:01 29696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"recinfo949"="c:\RecInfo\RecInfo.exe" [2007-10-23 14:52 2764800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 21:22 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71C4CC73-B84E-4716-B187-6DBEEC4A401C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2581A0C-10ED-4B4D-83A8-6086698F8345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{911B8E04-8384-4841-8DC8-790AB4A0BAE5}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"TCP Query User{DEF90AD0-6FF5-43C3-A803-62C3D34D7260}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{58B01574-C99A-4753-A749-9D3A3C96537D}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{CEB6FD2B-C374-49E8-85BD-F5D47A02AC1D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F44FAA2-EBBC-4D69-9B0A-901BA63726DC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{20CC182E-CF3E-45C0-B2D8-C2A22D025CFE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4A0A33FA-7F04-4DF9-B459-688BA2C0058C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{532BC6B0-5389-4F7E-885A-CD2D2D776595}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2342EBA1-86CF-40D4-AD39-37111CA42FC5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C8CBC93E-6C5B-4296-8DF8-3D24F67FC1B5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9936E522-4662-495A-BF17-6C4465927D4E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B0798A3-27EB-4FA5-98FB-6645B8739345}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R3 smscirrx;SMSC CIR Receive;C:\Windows\system32\DRIVERS\smscirrx.sys [2007-02-02 09:51]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-16 16:03:22 C:\Windows\Tasks\User_Feed_Synchronization-{13358AD7-836B-4B75-97B4-D23FF30957F4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:35:04
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-17 14:36:05
ComboFix-quarantined-files.txt 2008-06-17 12:35:56

Pre-Run: 62,072,303,616 octets libres
Post-Run: 63,097,663,488 octets libres

247 --- E O F --- 2008-06-15 01:56:00

Ok

post un nouveau rapport hijack this stp

tu m´a pas dit ce que tu penssais de ceci :

c:\RecInfo

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Back!
Bon RecInfo, je ne parviens pas à le lancer (pas formaté comme il faut). Le nouveau rapport hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:47, on 17/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Users\pc\Program Files\DNA\btdna.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Users\pc\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo949] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xruofj] c:\users\pc\appdata\local\xruofj.exe xruofj
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8554 bytes


Courage...

Re,

il te sert a quoi rec info ?

puis fais ceci :

Copie le texte ci-dessous :

File::
c:\users\pc\appdata\local\xruofj.exe
c:\users\pc\appdata\local\xruofj.dat
c:\users\pc\appdata\local\xruofj_navps.dat

Folder::
C:\Program Files\Spyware-Secure

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
"Spyware-Secure"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Je passe a table, fais combofix avec le script comme je te l´ai expliqué au post 14

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Rapport combofix :
ComboFix 08-06-16.2 - pc 2008-06-17 19:02:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1313 [GMT 2:00]
Endroit: C:\Users\pc\Desktop\ComboFix.exe
Command switches used :: C:\Users\pc\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
c:\users\pc\appdata\local\xruofj.dat
c:\users\pc\appdata\local\xruofj.exe
c:\users\pc\appdata\local\xruofj_navps.dat
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 13:35 . 2008-06-17 14:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 13:09 . 2008-06-17 13:09 <REP> d-------- C:\Users\pc\AppData\Roaming\Lavasoft
2008-06-17 13:08 . 2008-06-17 13:08 <REP> d-------- C:\Users\pc\AppData\Roaming\PC Tools
2008-06-17 13:08 . 2008-06-17 19:12 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-17 13:08 . 2008-06-17 19:12 <REP> d-a------ C:\ProgramData\TEMP
2008-06-17 13:08 . 2008-06-17 13:20 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-17 13:08 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-17 13:08 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-17 13:08 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-17 13:08 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-17 13:07 . 2008-06-17 13:09 <REP> d-------- C:\Program Files\SpywareBlaster
2008-06-17 13:07 . 2008-06-17 13:07 <REP> d-------- C:\Program Files\Lavasoft
2008-06-17 13:07 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\Users\All Users\Prevx
2008-06-17 13:03 . 2008-06-17 13:05 <REP> d-------- C:\Temp
2008-06-17 13:03 . 2008-06-17 13:03 <REP> d-------- C:\ProgramData\Prevx
2008-06-17 12:56 . 2008-06-17 13:30 <REP> d-------- C:\Program Files\Hitman Pro
2008-06-15 15:18 . 2008-06-15 15:18 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-14 18:59 . 2008-04-23 07:11 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 18:59 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:59 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:59 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:59 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 18:59 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 18:59 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 14:32 . 2008-06-14 14:32 786 --a------ C:\Windows\wininit.ini
2008-06-14 13:40 . 2008-06-17 14:40 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-17 14:40 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-14 13:40 . 2008-06-17 14:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 22:14 . 2008-06-12 22:14 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Users\pc\AppData\Roaming\Apple Computer
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iTunes
2008-06-12 14:17 . 2008-06-12 14:17 <REP> d-------- C:\Program Files\iPod
2008-06-12 14:15 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\Bonjour
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:17 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-12 14:14 . 2008-06-12 14:15 <REP> d-------- C:\Program Files\QuickTime
2008-06-12 14:08 . 2008-06-12 14:08 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-05 11:32 . 2008-06-05 11:32 <REP> d-------- C:\Program Files\Alwil Software
2008-06-05 11:32 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\Users\All Users\Symantec Temporary Files
2008-06-02 13:39 . 2008-06-02 13:39 <REP> d-------- C:\ProgramData\Symantec Temporary Files
2008-06-02 11:49 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-02 11:49 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\Users\All Users\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:35 <REP> d-------- C:\ProgramData\ma-config.com
2008-05-30 13:28 . 2008-05-30 13:28 <REP> d-------- C:\Program Files\ma-config.com
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\Users\All Users\WinZip
2008-05-29 14:52 . 2008-05-29 14:53 <REP> d-------- C:\ProgramData\WinZip
2008-05-29 14:42 . 2008-05-29 14:42 <REP> d-------- C:\Users\pc\AppData\Roaming\SystemRequirementsLab
2008-05-29 14:00 . 2008-05-29 14:00 <REP> d-------- C:\Program Files\Intel
2008-05-29 13:33 . 2008-05-29 14:50 <REP> d-------- C:\NVIDIA
2008-05-29 04:31 . 2008-05-29 04:31 <REP> d-------- C:\fsctmp
2008-05-29 04:13 . 2008-05-29 04:32 <REP> d-------- C:\$fsctmp
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 17:13 --------- d-----w C:\Users\pc\AppData\Roaming\OpenOffice.org2
2008-06-17 17:05 --------- d-----w C:\Users\pc\AppData\Roaming\DNA
2008-06-15 17:31 312 ----a-w C:\Users\pc\AppData\Roaming\wklnhst.dat
2008-06-11 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 16:35 27,050 ----a-w C:\Users\pc\AppData\Roaming\nvModes.dat
2008-06-05 09:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-05 09:23 --------- d-----w C:\ProgramData\Symantec
2008-06-01 19:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-15 07:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 11:06 --------- d-----w C:\Users\pc\AppData\Roaming\Ahead
2008-05-10 16:12 --------- d-----w C:\Program Files\DivX
2008-05-10 16:12 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-04 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 22:20 --------- d-----w C:\Program Files\Google
2008-05-01 22:19 --------- d-----w C:\Users\pc\AppData\Roaming\BitTorrent
2008-05-01 19:22 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-01 19:21 --------- d-----w C:\Program Files\Java
2008-05-01 19:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-01 17:34 --------- d-----w C:\Program Files\DNA
2008-05-01 17:34 --------- d-----w C:\Program Files\BitTorrent
2008-04-29 03:50 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 21:37 --------- d-----w C:\Program Files\Snood 4 Beta
2008-04-21 19:56 --------- d-----w C:\ProgramData\Apple
2008-04-21 19:23 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-21 19:22 --------- d-----w C:\Program Files\Real
2008-04-21 19:22 --------- d-----w C:\Program Files\Common Files\Real
2008-04-15 22:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-15 22:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-15 22:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-15 22:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-15 22:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-15 22:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-15 22:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-15 22:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-15 22:23 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-15 22:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-15 22:22 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-15 22:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-15 22:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-15 22:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-15 22:15 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-15 18:26 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-15 18:26 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-15 18:26 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-15 18:26 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-15 18:24 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-15 18:24 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-15 18:24 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-15 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-15 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2006-07-01 20:51 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-17_14.35.46,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 12:12:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-17 17:12:07 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-17 12:12:19 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-17 17:12:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-17 12:12:19 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-17 17:12:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-17 12:14:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-17 17:12:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-17 17:12:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-17 12:14:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-17 17:12:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-17 17:12:41 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-17 12:12:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-17 16:59:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 12:12:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 16:59:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-17 12:12:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 16:59:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-17 12:14:21 9,470 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1791708984-2715959864-1749688812-1001_UserData.bin
+ 2008-06-17 17:14:08 9,900 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1791708984-2715959864-1749688812-1001_UserData.bin
- 2008-06-17 12:14:21 66,568 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 17:14:08 66,830 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-17 12:14:19 39,582 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 17:14:01 39,964 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-16 00:21 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-17 13:33 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-19 01:31 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-19 01:31 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-19 01:31 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 20:57 159744]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2007-03-13 15:01 29696]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"recinfo949"="c:\RecInfo\RecInfo.exe" [2007-10-23 14:52 2764800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 21:22 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{71C4CC73-B84E-4716-B187-6DBEEC4A401C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2581A0C-10ED-4B4D-83A8-6086698F8345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{911B8E04-8384-4841-8DC8-790AB4A0BAE5}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"TCP Query User{DEF90AD0-6FF5-43C3-A803-62C3D34D7260}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{58B01574-C99A-4753-A749-9D3A3C96537D}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{CEB6FD2B-C374-49E8-85BD-F5D47A02AC1D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F44FAA2-EBBC-4D69-9B0A-901BA63726DC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{20CC182E-CF3E-45C0-B2D8-C2A22D025CFE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{4A0A33FA-7F04-4DF9-B459-688BA2C0058C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{532BC6B0-5389-4F7E-885A-CD2D2D776595}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2342EBA1-86CF-40D4-AD39-37111CA42FC5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C8CBC93E-6C5B-4296-8DF8-3D24F67FC1B5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9936E522-4662-495A-BF17-6C4465927D4E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B0798A3-27EB-4FA5-98FB-6645B8739345}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B67C6076-8C76-4101-8E93-E532D55B109B}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{4ADF84FC-E2B5-46F3-9788-5B18A3463E7E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 17:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-16 16:03:22 C:\Windows\Tasks\User_Feed_Synchronization-{13358AD7-836B-4B75-97B4-D23FF30957F4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 19:12:54
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-17 19:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 17:17:50
ComboFix2.txt 2008-06-17 12:36:06

Pre-Run: 62,105,583,616 octets libres
Post-Run: 61,134,049,280 octets libres

295 --- E O F --- 2008-06-15 01:56:00

______________________________________________________________________________________________


Rapport hijakthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:09, on 17/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\System32\rundll32.exe
C:\RecInfo\RecInfo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\Explorer.exe
C:\Users\pc\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo949] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8261 bytes




voilà tout...

Ok

il reste le mistere de rec info

fais le analyser sur ce site

http://www.virustotal.com/fr/

le fichier :

c:\RecInfo\RecInfo.exe

post le rapport stp

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Un rapport de plus :


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.13.1 2008.06.16 -
AntiVir 7.8.0.55 2008.06.16 -
Authentium 5.1.0.4 2008.06.16 -
Avast 4.8.1195.0 2008.06.15 -
AVG 7.5.0.516 2008.06.16 -
BitDefender 7.2 2008.06.16 -
CAT-QuickHeal 9.50 2008.06.16 -
ClamAV 0.93.1 2008.06.16 -
DrWeb 4.44.0.09170 2008.06.16 -
eSafe 7.0.15.0 2008.06.15 -
eTrust-Vet 31.6.5878 2008.06.16 -
Ewido 4.0 2008.06.16 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.16 -
Fortinet 3.14.0.0 2008.06.16 -
GData 2.0.7306.1023 2008.06.16 -
Ikarus T3.1.1.26.0 2008.06.16 -
Kaspersky 7.0.0.125 2008.06.16 -
McAfee 5317 2008.06.13 -
Microsoft 1.3604 2008.06.16 -
NOD32v2 3191 2008.06.16 -
Norman 5.80.02 2008.06.16 -
Panda 9.0.0.4 2008.06.15 -
Prevx1 V2 2008.06.16 -
Rising 20.49.02.00 2008.06.16 -
Sophos 4.30.0 2008.06.16 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.16 -
TheHacker 6.2.92.351 2008.06.16 -
TrendMicro 8.700.0.1004 2008.06.16 -
VBA32 3.12.6.7 2008.06.16 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.16 -
Information additionnelle
File size: 2764800 bytes
MD5...: 8e382b0c5f16daf17b3c1cf5205846d1
SHA1..: 9bbcfe2ca30ec4683d3cbb389fb7ffb6d77eede5
SHA256: 916ef2f99050841fb5aa2662ae0451255eba0429122e4984cbe9d53b15f9­e725
SHA512: 8a3e0441ecb9096921fea7b1f85035119fbc8c38b330fea861f976fab4e7­319c
e892a4c6f6d48c7f551d07768e734f5c986692999454cf27a06eae8a3f13­b060
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6a0eee
timedatestamp.....: 0x471dee89 (Tue Oct 23 12:52:25 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x29eef4 0x29f000 0.87 8e0bce18abf50795e29b50a822ab8b1a
.sdata 0x2a2000 0xa6 0x1000 0.41 69bb16bae47cfa7016e13383b6a52f2a
.rsrc 0x2a4000 0x7f0 0x1000 1.62 4d6c785c8b5c126ed200222995afcc2d
.reloc 0x2a6000 0xc 0x1000 0.01 5549acc2afdb623692fcff1aa701b9eb

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )

Bon

fais le analyser encore ici :

http://virusscan.jotti.org/de/
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Arête les site hem hem et tout va se régler!!!!!!!!!!!!!!!!!!!

Super idm, t´as pas autre chose a dire ?
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

La suite...


Datei: RecInfo.exe
Auslastung: 0% 100%

Status: OK (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: -
Bit9 rapportiert: {BIT9_THREAT}

A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
CPsecure Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Ikarus Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Sophos Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden

Ok c´est cool ;-)

post un dernier rapport hijack this stp

@+
Le meilleur moyen de faire tourner la tête à une femme, c'est de lui dire qu'elle a un joli profil

Il semble que cela fonctionne correctement : un très grand merci à toi. Le dernier hijackthis :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:04, on 18/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\pc\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pc\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo949] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\pc\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xruofj] c:\users\pc\appdata\local\xruofj.exe xruofj
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8769 bytes