Un virus qui "Clignoter" TT le Bureau

VOILA,

-------------- UsbFix V2.404 ---------------

* User : Famille - BELLA -8F8B2A6E2
* Outils mis a jours le 12/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:55:59 le 13/11/2008
* Windows Xp - Internet Explorer 8.0.6001.18241


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Famille\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\dwwin.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur de CD-ROM

H: - Lecteur amovible


+- Contenu de l'autorun : F:\autorun.inf



--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SkyTel REG_SZ SkyTel.EXE
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
tsnpstd3 REG_SZ C:\WINDOWS\tsnpstd3.exe
snpstd3 REG_SZ C:\WINDOWS\vsnpstd3.exe
Name of App REG_SZ C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
UVS11 Preload REG_SZ C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
Flashget REG_SZ "C:\Program Files\FlashGet\FlashGet.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
IDMan REG_SZ C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Skype REG_SZ "D:\Les dossiers\Logiciels\internet\Skype\Skype.exe" /nosplash /minimized
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Google Update REG_SZ "C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1674667b-3244-11dd-9578-0018f3bd02b7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1674667b-3244-11dd-9578-0018f3bd02b7}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1674667b-3244-11dd-9578-0018f3bd02b7}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{206214c7-403a-11dd-8eba-0018f3bd02b7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{206214c7-403a-11dd-8eba-0018f3bd02b7}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{206214c7-403a-11dd-8eba-0018f3bd02b7}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306feaed-2419-11dd-beaa-0018f3bd02b7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306feaed-2419-11dd-beaa-0018f3bd02b7}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fba9d1b-a196-11dd-bea4-0018f3bd02b7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fba9d1b-a196-11dd-bea4-0018f3bd02b7}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fba9d1b-a196-11dd-bea4-0018f3bd02b7}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f05a509-aa95-11dd-b28e-0018f3bd02b7}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f05a509-aa95-11dd-b28e-0018f3bd02b7}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f05a509-aa95-11dd-b28e-0018f3bd02b7}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [17/05/2006 12:44] F:\autorun.inf
Echec de la supression !! - [17/05/2006 12:44] F:\autorun.inf
Echec de la supression !! - [17/05/2006 12:44] F:\autorun.inf

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[04/08/2004 03:38][-rahs----] C:\NTDETECT.COM
[14/05/2008 07:59][---hs----] C:\boot.ini
[14/02/2005 10:35][-r-------] F:\NCR.exe
[17/05/2006 12:44][-r-------] F:\AUTORUN.INF

--------------- [ Vaccination ] ----------------

C:\autorun.inf - Dossier autorun.inf crée par UsbFix !
D:\autorun.inf - Dossier autorun.inf crée par UsbFix !
H:\autorun.inf - Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Sûrement pas !

Il n'a traité qu'une infection ....


il reste le plus gros : Vundo ! ....

C:\WINDOWS\system32\ssqRKayV.dl
C:\WINDOWS\system32\rqRIyArq.dlll
--> ça c'est Vundo et il va te pourrir la vie ... -_-


fais ce que je t'ai demandé stp .... ;)

Mon PC m'affiche pas le bureau en mode Sans Échec, c'est juste un tiré en haut à gauche qui clignote pour une lente durrée !! est que je peut faire le Scan en mode Normale & est il efficace ?

Voila les Résultats:


-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : BIOS Date: 10/19/06 17:05:36 Ver: 08.00.10
USER : Famille ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081112-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:40 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (USB) - FAT32 - Total:979 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 13/11/2008|15:04 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskPBar
C:\Program Files\AskPBar\bar
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr

-----------\\ Extensions

(Famille) - {097d3191-e6fa-4728-9826-b533d755359d} => aios
(Famille) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Famille) - {ada4b710-8346-4b82-8199-5de2b400a6ae} => reminderfox
(Famille) - {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} => customizegoogle


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
"Start Page"="about:blank"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/?p=us"
"Default_Search_URL"="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us"
"Start Page"="https://fr.yahoo.com/?p=us"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\VyaKRqss.ini
C:\WINDOWS\system32\VyaKRqss.ini2
[b]==> VUNDO <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Famille\Favoris\Menu des marque-pages\Cours\Crack rapidshare d‚lai d'attente et de t‚l‚charger limite ¯Ma vie num‚rique.URL
C:\DOCUME~1\Famille\Mes documents\Google Crack Search.txt
C:\DOCUME~1\Famille\Mes documents\Downloads\Compressed\VideoStudio\Keygen.exe
C:\DOCUME~1\Famille\Shared\Full Speed Internet Broadband Connection Full v2.1 + crack.rar



1 - "C:\ToolBar SD\TB_1.txt" - 13/11/2008|15:05 - Option : [1]

-----------\\ Fin du rapport a 15:05:20,73

Le Rapport OTMoveIt3 est ceci:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\DOCUME~1\Famille\Favoris\Menu des marque-pages\Cours\Crack rapidshare délai d'attente et de télécharger limite ¯Ma vie numérique.URL not found.
C:\DOCUME~1\Famille\Mes documents\Google Crack Search.txt moved successfully.
C:\DOCUME~1\Famille\Mes documents\Downloads\Compressed\VideoStudio\Keygen.exe moved successfully.
C:\DOCUME~1\Famille\Shared\Full Speed Internet Broadband Connection Full v2.1 + crack.rar moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Famille\LOCALS~1\Temp\~DFC721.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_888.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11132008_151804

Files moved on Reboot...
C:\DOCUME~1\Famille\LOCALS~1\Temp\~DFC721.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_568.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_888.dat moved successfully.

******************************************************************************************

Le Rapport ToolBarSD est :


-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : BIOS Date: 10/19/06 17:05:36 Ver: 08.00.10
USER : Famille ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081112-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:40 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (USB) - FAT32 - Total:979 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 13/11/2008|15:23 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskPBar\bar
Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskPBar
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Famille) - {097d3191-e6fa-4728-9826-b533d755359d} => aios
(Famille) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Famille) - {ada4b710-8346-4b82-8199-5de2b400a6ae} => reminderfox
(Famille) - {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} => customizegoogle


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
"Start Page"="about:blank"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/?p=us"
"Default_Search_URL"="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\VyaKRqss.ini
C:\WINDOWS\system32\VyaKRqss.ini2
[b]==> VUNDO <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Famille\Favoris\Menu des marque-pages\Cours\Crack rapidshare d‚lai d'attente et de t‚l‚charger limite ¯Ma vie num‚rique.URL



1 - "C:\ToolBar SD\TB_1.txt" - 13/11/2008|15:05 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 13/11/2008|15:24 - Option : [2]

-----------\\ Fin du rapport a 15:24:44,96

*******************************************************************************************

Le Rapport HijackThis est:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:16, on 13/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AEF51DF3-4D1F-457B-9619-3DB9D6F43353} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "D:\Les dossiers\Logiciels\internet\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE357FA4-B163-4CEB-8E4A-CC139B66AE17}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: rqRIyArq - rqRIyArq.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Famille/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

Avant de te poster le rapport, Mon SpyBot a mal avec le rqRlyArq, Une Guerre entre eux, je ne sais pas pk ?

voila le Rapport:

ComboFix 08-11-12.01 - Famille 2008-11-13 15:46:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.187 [GMT 1:00]
Lancé depuis: c:\documents and settings\Famille\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\temp.temp
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
c:\windows\system32\VyaKRqss.ini
c:\windows\system32\VyaKRqss.ini2

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JIURLPORTHIDE


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 15:18 . 2008-11-13 15:18 <REP> d-------- C:\_OTMoveIt
2008-11-13 15:03 . 2008-11-13 15:24 <REP> d-------- C:\ToolBar SD
2008-11-13 14:28 . 2008-11-13 14:28 1,393 --a------ c:\windows\imsins.BAK
2008-11-13 14:17 . 2008-11-13 14:17 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 14:17 . 2008-11-13 14:17 <REP> d-------- c:\documents and settings\Famille\Application Data\Malwarebytes
2008-11-13 14:17 . 2008-11-13 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 14:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 14:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 13:43 . 2008-11-13 13:43 <REP> d-------- c:\program files\Trend Micro
2008-11-13 13:38 . 2008-11-13 14:05 <REP> d-------- c:\documents and settings\Famille\Application Data\4shared Uploader
2008-11-13 10:51 . 2008-11-13 10:57 <REP> d-------- c:\program files\UsbFix
2008-11-09 20:53 . 2008-11-13 14:31 <REP> d-------- c:\program files\ImageConverter Plus
2008-11-09 17:13 . 2008-11-13 15:25 <REP> d-------- c:\program files\FlashGet
2008-11-06 20:26 . 2008-11-06 20:26 <REP> d-------- C:\SmartSound Software
2008-11-06 20:25 . 2008-11-06 20:25 <REP> d-------- c:\program files\SmartSound Software
2008-11-06 20:25 . 2008-11-06 20:25 <REP> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-04 20:41 . 1992-10-27 07:00 151,984 --a------ c:\windows\system\BWCC.DLL
2008-11-04 20:41 . 1992-10-27 07:00 10,032 --a------ c:\windows\GROUPS.EXE
2008-11-04 20:41 . 1992-10-27 07:00 9,279 --a------ c:\windows\system\TDDEBUG.386
2008-11-04 20:41 . 2008-11-04 20:41 767 --a------ c:\windows\GROUPS.B$$
2008-11-04 20:41 . 2008-11-04 20:41 218 --a------ c:\windows\TDW.INI
2008-11-04 20:41 . 2008-11-05 19:43 202 --a------ c:\windows\BPW.INI
2008-11-04 20:31 . 2008-11-06 20:52 <REP> d-------- C:\BP
2008-11-02 19:39 . 2008-11-02 19:39 268 --ah----- C:\sqmdata16.sqm
2008-11-02 19:39 . 2008-11-02 19:39 244 --ah----- C:\sqmnoopt16.sqm
2008-11-02 13:07 . 2008-11-02 13:41 <REP> d-------- c:\documents and settings\Famille\Application Data\Daimler
2008-10-31 11:55 . 2008-11-08 17:19 156 --a------ c:\windows\Twunk001.MTX
2008-10-31 11:55 . 2008-11-08 17:19 2 --a------ c:\windows\Twain001.Mtx
2008-10-31 11:55 . 2008-10-31 11:55 0 --a------ c:\windows\Twunk002.MTX
2008-10-31 08:44 . 2008-10-31 08:44 <REP> d-------- c:\documents and settings\Famille\Application Data\InstallShield
2008-10-30 16:31 . 2008-10-30 16:31 <REP> d-------- c:\program files\Fichiers communs\eSellerate
2008-10-30 16:26 . 2008-10-31 09:00 <REP> d-------- c:\program files\NewBlue
2008-10-30 15:23 . 2008-10-30 15:23 <REP> d-------- c:\program files\Fichiers communs\InterVideo
2008-10-30 15:23 . 2008-10-30 15:23 <REP> d-------- c:\documents and settings\All Users\Application Data\InterVideo
2008-10-30 15:23 . 2007-03-06 11:58 210,456 --------- c:\windows\system32\IVIresizeW7.dll
2008-10-30 15:23 . 2007-03-06 11:58 206,360 --------- c:\windows\system32\IVIresizeA6.dll
2008-10-30 15:23 . 2007-03-06 11:58 198,168 --------- c:\windows\system32\IVIresizeP6.dll
2008-10-30 15:23 . 2007-03-06 11:58 198,168 --------- c:\windows\system32\IVIresizeM6.dll
2008-10-30 15:23 . 2007-03-06 11:58 194,072 --------- c:\windows\system32\IVIresizePX.dll
2008-10-30 15:23 . 2007-03-06 11:58 26,136 --------- c:\windows\system32\IVIresize.dll
2008-10-30 15:21 . 2008-10-30 15:21 <REP> d-------- c:\program files\Windows Media Components
2008-10-30 15:20 . 2008-10-30 15:21 <REP> d-------- c:\program files\Fichiers communs\Ulead Systems
2008-10-28 17:59 . 2008-05-23 09:34 4,096 --a------ c:\windows\d3dx.dat
2008-10-28 11:46 . 2008-09-12 11:44 206,256 --------- c:\windows\system32\idmmbc.dll
2008-10-26 15:57 . 2008-10-26 15:57 <REP> d-------- c:\program files\Fichiers communs\SureThing Shared
2008-10-26 15:53 . 2005-09-23 23:18 171,520 --------- c:\windows\system32\drivers\MarvinBus.sys
2008-10-26 15:52 . 2008-10-26 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2008-10-26 15:36 . 2008-11-10 17:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-22 15:39 . 2008-10-22 15:39 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 09:42 . 2008-10-22 09:42 <REP> d-------- c:\program files\Apple Software Update
2008-10-17 20:40 . 2008-10-17 20:40 268 --ah----- C:\sqmdata15.sqm
2008-10-17 20:40 . 2008-10-17 20:40 244 --ah----- C:\sqmnoopt15.sqm
2008-10-17 09:35 . 2008-10-17 09:35 268 --ah----- C:\sqmdata14.sqm
2008-10-17 09:35 . 2008-10-17 09:35 244 --ah----- C:\sqmnoopt14.sqm
2008-10-16 14:41 . 2008-10-16 14:41 <REP> d--hs---- c:\documents and settings\Famille\PrivacIE
2008-10-16 14:32 . 2008-10-16 14:32 268 --ah----- C:\sqmdata13.sqm
2008-10-16 14:32 . 2008-10-16 14:32 244 --ah----- C:\sqmnoopt13.sqm
2008-10-16 14:25 . 2008-10-16 14:26 <REP> d-------- c:\windows\system32\fr-fr
2008-10-16 14:25 . 2008-10-16 14:26 <REP> d--h-c--- c:\windows\ie8
2008-10-15 20:36 . 2008-10-15 20:36 268 --ah----- C:\sqmdata12.sqm
2008-10-15 20:36 . 2008-10-15 20:36 244 --ah----- C:\sqmnoopt12.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 14:50 --------- d-----w c:\documents and settings\Famille\Application Data\DMCache
2008-11-13 14:25 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-11-13 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 08:51 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-10 14:43 --------- d-----w c:\program files\Circle Developement
2008-11-09 19:05 --------- d-----w c:\documents and settings\Famille\Application Data\Skype
2008-11-09 15:54 --------- d-----w c:\program files\Replay Media Catcher
2008-11-08 16:19 --------- d-----w c:\documents and settings\Famille\Application Data\Image Zone Express
2008-11-08 15:42 --------- d-----w c:\program files\Internet Download Manager
2008-11-06 19:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 17:50 --------- d-----w c:\program files\TubeMaster
2008-11-06 09:43 --------- d-----w c:\documents and settings\Famille\Application Data\LimeWire
2008-11-06 08:05 --------- d-----w c:\documents and settings\Famille\Application Data\BearShare
2008-11-05 19:12 --------- d-----w c:\program files\eMule
2008-11-02 12:07 --------- d-----w c:\documents and settings\Famille\Application Data\Thinstall
2008-10-30 16:05 --------- d-----w c:\documents and settings\Famille\Application Data\Ulead Systems
2008-10-30 14:20 --------- d-----w c:\program files\Ulead Systems
2008-10-30 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-10-28 17:39 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-24 11:10 453,632 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-08 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 12:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-03 17:50 --------- d-----w c:\program files\LizardTech
2008-10-03 17:43 --------- d-----w c:\documents and settings\Famille\Application Data\StumbleUpon
2008-10-02 07:16 --------- d-----w c:\program files\PDF Blender
2008-09-28 15:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-25 12:45 --------- d-----w c:\program files\Reallusion
2008-09-25 09:06 --------- d-----w c:\program files\Xara
2008-09-25 09:05 --------- d-----w c:\program files\ElcomSoft
2008-09-23 03:35 --------- d-----w c:\program files\LimeWire
2008-09-16 15:34 --------- d-----w c:\program files\Java
2008-09-16 14:40 --------- d-----w c:\program files\TechSmith
2008-09-16 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-09-16 14:39 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
.

------- Sigcheck -------

2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-13 2606512]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-15 185896]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Famille\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 9.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--------- 2004-08-04 05:54 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-06-29 12:44 1990704 c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 03:32 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2007-04-27 19:22 312848 c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
--a------ 2008-01-19 20:01 2245984 c:\program files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 02:54 507904 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-16 14:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-15 08:39 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2008-01-10 17:41 223984 c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-08-01 12:10 16049664 c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Documents and Settings\\Famille\\Application Data\\IDM\\Skype\\Skype.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Dossiers\\Logiciels\\internet\\Skype\\Skype.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP ?????? 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP ?????? 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP ?????? 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP ?????? 37675

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-08-04 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S4 OracleCSService;OracleCSService;d:\oracle\product\10.1.0\Db_1\bin\ocssd.exe service [ ]
S4 OracleOraDb10g_home1SNMPPeerEncapsulator;OracleOraDb10g_home1SNMPPeerEncapsulator;d:\oracle\product\10.1.0\Db_1\BIN\ENCSVC.EXE [ ]
S4 OracleOraDb10g_home1SNMPPeerMasterAgent;OracleOraDb10g_home1SNMPPeerMasterAgent;d:\oracle\product\10.1.0\Db_1\BIN\AGNTSVC.EXE [ ]
.
Contenu du dossier 'Tâches planifiées'

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:53]

2008-11-13 c:\windows\Tasks\User_Feed_Synchronization-{64E26B5D-4FB5-4392-A6F4-B87D9BFDA85D}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{AEF51DF3-4D1F-457B-9619-3DB9D6F43353} - (no file)
BHO-{B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-kamsoft - c:\windows\system32\ckvo.exe
ShellExecuteHooks-{B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - (no file)
Notify-rqRIyArq - rqRIyArq.dll
MSConfigStartUp-Amok Eggs Four Web - c:\documents and settings\All Users\Application Data\part dead amok eggs\bows rect.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-Mix keep - c:\docume~1\Famille\APPLIC~1\HELPJU~1\CORN AIM KIND.exe
MSConfigStartUp-Skype - d:\les dossiers\Logiciels\internet\Skype\Skype.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Famille\Application Data\Mozilla\Firefox\Profiles\b8sjkvpz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npdjvu.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\NPOFF12.DLL
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\nppl3260.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin2.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin3.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin4.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin5.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin6.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npqtplugin7.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\nprjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 15:50:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\InterBase Corp\InterBase\bin\ibguard.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\InterBase Corp\InterBase\bin\ibserver.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\msdtc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-11-13 16:02:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-13 15:02:20

Avant-CF: 24 166 649 856 octets libres
Après-CF: 24,053,653,504 octets libres

351 --- E O F --- 2008-11-13 13:29:51

J'ai ça dans mon Panneau De Configuration

http://img247.imageshack.us/img247/5828/panneaudeconfigurationcqa8.jpg

je n'ai pas le "Programmes et fonctionnalité"

ou je la trouve ?

J'ai pas ces Programmes, je téléchargera le Programme & je te répond.

le nouveau Rapport:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : BIOS Date: 10/19/06 17:05:36 Ver: 08.00.10
USER : Famille ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081113-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:40 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 13/11/2008|17:11 )

--------------------\\ Listing des dossiers dans APPLIC~1

[28/10/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/05/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/05/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[22/10/2008|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/11/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[09/06/2008|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[30/10/2008|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[13/11/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[29/05/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[08/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/11/2008|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/05/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[23/05/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[17/05/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[28/07/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[10/11/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[26/10/2008|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio Ultimate
[14/05/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[14/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
[08/06/2008|19:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/11/2008|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[08/10/2008|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[16/05/2008|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/09/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
[28/09/2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/10/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[14/05/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[06/06/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[03/06/2008|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[24/07/2008|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[14/05/2008|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/11/2008|14:05] C:\DOCUME~1\Famille\APPLIC~1\4shared Uploader
[28/10/2008|18:01] C:\DOCUME~1\Famille\APPLIC~1\Adobe
[17/05/2008|07:55] C:\DOCUME~1\Famille\APPLIC~1\Apple Computer
[06/11/2008|09:05] C:\DOCUME~1\Famille\APPLIC~1\BearShare
[10/06/2008|07:48] C:\DOCUME~1\Famille\APPLIC~1\Camfrog
[02/11/2008|13:41] C:\DOCUME~1\Famille\APPLIC~1\Daimler
[13/11/2008|15:50] C:\DOCUME~1\Famille\APPLIC~1\DMCache
[14/05/2008|20:23] C:\DOCUME~1\Famille\APPLIC~1\eu
[27/05/2008|18:49] C:\DOCUME~1\Famille\APPLIC~1\Google
[16/05/2008|14:18] C:\DOCUME~1\Famille\APPLIC~1\Help
[28/07/2008|11:23] C:\DOCUME~1\Famille\APPLIC~1\Help Junk Win
[09/06/2008|15:07] C:\DOCUME~1\Famille\APPLIC~1\HP
[14/05/2008|08:09] C:\DOCUME~1\Famille\APPLIC~1\Identities
[14/06/2008|23:31] C:\DOCUME~1\Famille\APPLIC~1\IDM
[08/11/2008|17:19] C:\DOCUME~1\Famille\APPLIC~1\Image Zone Express
[31/10/2008|08:44] C:\DOCUME~1\Famille\APPLIC~1\InstallShield
[06/11/2008|10:43] C:\DOCUME~1\Famille\APPLIC~1\LimeWire
[17/07/2008|19:49] C:\DOCUME~1\Famille\APPLIC~1\Macromedia
[13/11/2008|14:17] C:\DOCUME~1\Famille\APPLIC~1\Malwarebytes
[19/09/2008|17:51] C:\DOCUME~1\Famille\APPLIC~1\Microsoft
[14/05/2008|08:41] C:\DOCUME~1\Famille\APPLIC~1\Mozilla
[25/07/2008|10:48] C:\DOCUME~1\Famille\APPLIC~1\MxBoost
[16/05/2008|12:52] C:\DOCUME~1\Famille\APPLIC~1\Nero
[18/05/2008|17:43] C:\DOCUME~1\Famille\APPLIC~1\ooVoo Details
[15/05/2008|17:20] C:\DOCUME~1\Famille\APPLIC~1\Real
[14/05/2008|17:23] C:\DOCUME~1\Famille\APPLIC~1\Simple Star
[09/11/2008|20:05] C:\DOCUME~1\Famille\APPLIC~1\Skype
[03/10/2008|18:43] C:\DOCUME~1\Famille\APPLIC~1\StumbleUpon
[14/05/2008|20:24] C:\DOCUME~1\Famille\APPLIC~1\Sun
[16/05/2008|09:50] C:\DOCUME~1\Famille\APPLIC~1\Symantec
[28/05/2008|16:57] C:\DOCUME~1\Famille\APPLIC~1\TeraCopy
[02/11/2008|13:07] C:\DOCUME~1\Famille\APPLIC~1\Thinstall
[30/10/2008|17:05] C:\DOCUME~1\Famille\APPLIC~1\Ulead Systems
[06/06/2008|08:47] C:\DOCUME~1\Famille\APPLIC~1\vlc
[29/05/2008|11:41] C:\DOCUME~1\Famille\APPLIC~1\Winamp
[05/10/2008|17:46] C:\DOCUME~1\Famille\APPLIC~1\WinRAR
[10/06/2008|09:24] C:\DOCUME~1\Famille\APPLIC~1\Yahoo!

[14/05/2008|08:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[08/06/2008|12:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/11/2008 11:30][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{64E26B5D-4FB5-4392-A6F4-B87D9BFDA85D}.job
[13/11/2008 12:36][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[13/11/2008 09:39][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13/11/2008 15:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 01:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[30/05/2008|18:02] C:\Program Files\Abdio
[28/10/2008|18:37] C:\Program Files\Adobe
[14/05/2008|08:49] C:\Program Files\Alwil Software
[22/10/2008|09:42] C:\Program Files\Apple Software Update
[26/05/2008|17:15] C:\Program Files\BearShare Applications
[15/05/2008|10:12] C:\Program Files\Bonjour
[01/06/2008|18:53] C:\Program Files\Borland
[31/07/2008|18:52] C:\Program Files\Camfrog
[13/08/2008|16:27] C:\Program Files\Caricature Software Inc
[29/05/2008|19:07] C:\Program Files\CCleaner
[10/11/2008|15:43] C:\Program Files\Circle Developement
[14/05/2008|08:01] C:\Program Files\ComPlus Applications
[01/06/2008|19:28] C:\Program Files\Conduit
[31/05/2008|22:25] C:\Program Files\DDD Pool
[01/06/2008|18:50] C:\Program Files\douniamusic.com
[21/06/2008|15:02] C:\Program Files\Download Direct
[25/09/2008|10:05] C:\Program Files\ElcomSoft
[05/11/2008|20:12] C:\Program Files\eMule
[13/11/2008|15:47] C:\Program Files\Fichiers communs
[24/05/2008|19:16] C:\Program Files\Flash Memory Toolkit
[13/11/2008|16:08] C:\Program Files\FlashGet
[15/05/2008|09:59] C:\Program Files\FLV Player
[16/07/2008|09:01] C:\Program Files\Foxit Software
[10/06/2008|09:36] C:\Program Files\Full Speed
[18/06/2008|22:33] C:\Program Files\GlobFX
[24/07/2008|19:49] C:\Program Files\Google
[24/06/2008|20:28] C:\Program Files\Help Junk Win
[09/06/2008|14:31] C:\Program Files\Hewlett-Packard
[09/06/2008|14:33] C:\Program Files\HP
[13/11/2008|14:31] C:\Program Files\ImageConverter Plus
[02/06/2008|21:53] C:\Program Files\InstallShield
[06/11/2008|20:30] C:\Program Files\InstallShield Installation Information
[14/05/2008|08:15] C:\Program Files\Intel
[01/06/2008|18:55] C:\Program Files\InterBase Corp
[08/11/2008|16:42] C:\Program Files\Internet Download Manager
[16/10/2008|14:34] C:\Program Files\Internet Explorer
[15/05/2008|10:13] C:\Program Files\iPod
[15/05/2008|10:13] C:\Program Files\iTunes
[16/09/2008|16:34] C:\Program Files\Java
[23/09/2008|04:35] C:\Program Files\LimeWire
[03/10/2008|18:50] C:\Program Files\LizardTech
[13/11/2008|14:17] C:\Program Files\Malwarebytes' Anti-Malware
[13/06/2008|21:56] C:\Program Files\Maple 11
[14/05/2008|08:30] C:\Program Files\Marvell
[23/05/2008|11:46] C:\Program Files\Maxthon2
[14/08/2008|14:45] C:\Program Files\Messenger
[04/09/2008|10:42] C:\Program Files\Messenger Plus! Live
[14/05/2008|08:05] C:\Program Files\microsoft frontpage
[08/06/2008|12:06] C:\Program Files\Microsoft Office
[09/07/2008|22:33] C:\Program Files\Microsoft SQL Server
[14/05/2008|18:03] C:\Program Files\Microsoft Visual Studio
[08/06/2008|12:12] C:\Program Files\Microsoft Visual Studio 8
[14/05/2008|18:03] C:\Program Files\Microsoft Works
[08/06/2008|12:18] C:\Program Files\Microsoft.NET
[23/05/2008|12:22] C:\Program Files\Movie Maker
[13/11/2008|16:07] C:\Program Files\Mozilla Firefox 3 Beta 5
[14/05/2008|18:03] C:\Program Files\MSBuild
[31/05/2008|21:38] C:\Program Files\MSECache
[14/05/2008|08:00] C:\Program Files\MSN
[14/05/2008|08:01] C:\Program Files\MSN Gaming Zone
[15/05/2008|11:24] C:\Program Files\MSXML 4.0
[08/06/2008|12:16] C:\Program Files\MSXML 6.0
[03/06/2008|17:53] C:\Program Files\NeoTracePro
[14/05/2008|17:43] C:\Program Files\Nero
[14/05/2008|17:45] C:\Program Files\NeroInstall.bak
[14/05/2008|08:02] C:\Program Files\NetMeeting
[31/10/2008|09:00] C:\Program Files\NewBlue
[05/07/2008|14:14] C:\Program Files\Norton Ghost
[14/05/2008|08:01] C:\Program Files\Online Services
[23/05/2008|12:22] C:\Program Files\Outlook Express
[02/10/2008|08:16] C:\Program Files\PDF Blender
[12/06/2008|17:30] C:\Program Files\PDFCreator
[12/06/2008|17:28] C:\Program Files\PDFCreator Toolbar
[22/05/2008|12:22] C:\Program Files\Power Translator
[15/05/2008|10:12] C:\Program Files\QuickTime
[15/05/2008|08:39] C:\Program Files\Real
[25/09/2008|13:45] C:\Program Files\Reallusion
[14/05/2008|08:28] C:\Program Files\Realtek
[31/05/2008|20:30] C:\Program Files\ReflexiveArcade
[09/11/2008|16:54] C:\Program Files\Replay Media Catcher
[14/05/2008|16:56] C:\Program Files\SAMSUNG
[14/05/2008|08:03] C:\Program Files\Services en ligne
[29/05/2008|18:49] C:\Program Files\ShaPlus Google Translator
[06/11/2008|20:25] C:\Program Files\SmartSound Software
[08/10/2008|13:27] C:\Program Files\Spybot - Search & Destroy
[02/09/2008|19:32] C:\Program Files\StumbleUpon
[14/05/2008|20:03] C:\Program Files\Sun
[28/05/2008|21:52] C:\Program Files\Sun Microsystems
[15/05/2008|18:59] C:\Program Files\Symantec
[15/05/2008|08:47] C:\Program Files\Team Factor
[16/09/2008|15:40] C:\Program Files\TechSmith
[29/05/2008|07:36] C:\Program Files\TeraCopy
[20/05/2008|17:01] C:\Program Files\The Weather Channel FW
[13/11/2008|13:43] C:\Program Files\Trend Micro
[09/06/2008|18:30] C:\Program Files\Trillian
[06/11/2008|18:50] C:\Program Files\TubeMaster
[30/10/2008|15:20] C:\Program Files\Ulead Systems
[14/05/2008|08:09] C:\Program Files\Uninstall Information
[14/05/2008|20:05] C:\Program Files\Universalis
[13/11/2008|10:57] C:\Program Files\UsbFix
[06/06/2008|08:21] C:\Program Files\VideoLAN
[29/05/2008|11:25] C:\Program Files\Winamp
[16/05/2008|18:46] C:\Program Files\Winamp Remote
[14/05/2008|20:50] C:\Program Files\Windows Live
[30/10/2008|15:21] C:\Program Files\Windows Media Components
[14/05/2008|22:27] C:\Program Files\Windows Media Player
[14/05/2008|08:01] C:\Program Files\Windows NT
[14/05/2008|08:03] C:\Program Files\WindowsUpdate
[06/10/2008|08:36] C:\Program Files\WinRAR
[25/09/2008|10:06] C:\Program Files\Xara
[14/05/2008|08:05] C:\Program Files\xerox
[06/06/2008|12:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/10/2008|18:39] C:\Program Files\Fichiers communs\Adobe
[15/05/2008|10:11] C:\Program Files\Fichiers communs\Apple
[02/06/2008|23:39] C:\Program Files\Fichiers communs\Borland Shared
[14/05/2008|18:03] C:\Program Files\Fichiers communs\DESIGNER
[30/10/2008|16:31] C:\Program Files\Fichiers communs\eSellerate
[09/06/2008|14:29] C:\Program Files\Fichiers communs\Hewlett-Packard
[09/06/2008|14:33] C:\Program Files\Fichiers communs\HP
[28/05/2008|22:21] C:\Program Files\Fichiers communs\InstallShield
[30/10/2008|15:23] C:\Program Files\Fichiers communs\InterVideo
[14/05/2008|19:33] C:\Program Files\Fichiers communs\Java
[08/06/2008|12:07] C:\Program Files\Fichiers communs\Merge Modules
[30/10/2008|15:18] C:\Program Files\Fichiers communs\Microsoft Shared
[14/05/2008|08:02] C:\Program Files\Fichiers communs\MSSoap
[14/05/2008|17:21] C:\Program Files\Fichiers communs\Nero
[14/05/2008|08:49] C:\Program Files\Fichiers communs\ODBC
[15/05/2008|08:40] C:\Program Files\Fichiers communs\Real
[14/05/2008|08:02] C:\Program Files\Fichiers communs\Services
[14/05/2008|17:44] C:\Program Files\Fichiers communs\Simple Star Shared
[14/05/2008|08:54] C:\Program Files\Fichiers communs\snpstd3
[14/05/2008|08:48] C:\Program Files\Fichiers communs\SpeechEngines
[26/10/2008|15:57] C:\Program Files\Fichiers communs\SureThing Shared
[15/05/2008|18:59] C:\Program Files\Fichiers communs\Symantec Shared
[15/05/2008|11:25] C:\Program Files\Fichiers communs\System
[30/10/2008|15:21] C:\Program Files\Fichiers communs\Ulead Systems
[14/05/2008|18:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/09/2008|15:39] C:\Program Files\Fichiers communs\Wise Installation Wizard
[15/05/2008|08:40] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\Program Files\Circle Developement

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:13:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Famille\Favoris\Menu des marque-pages\Cours\Crack rapidshare délai d'attente et de télécharger limite »Ma vie numérique.URL


[F:2][D:1]-> C:\DOCUME~1\Famille\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\Famille\Cookies
[F:2][D:0]-> C:\DOCUME~1\Famille\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/11/2008|17:14 - Option : [1]

--------------------\\ Fin du rapport a 17:14:30

j'ai fait le rapport avant un coup de CCLEANER, le rapport est le suivant:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : BIOS Date: 10/19/06 17:05:36 Ver: 08.00.10
USER : Famille ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081113-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:40 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:34 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 13/11/2008|17:38 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
Supprime! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[28/10/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/05/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[15/05/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[22/10/2008|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/11/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[09/06/2008|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[30/10/2008|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[13/11/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[29/05/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[08/06/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/11/2008|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[16/05/2008|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[23/05/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[17/05/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
[10/11/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[26/10/2008|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio Ultimate
[14/05/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[14/05/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
[08/06/2008|19:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/11/2008|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[08/10/2008|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[16/05/2008|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[16/09/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
[28/09/2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/10/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[14/05/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[06/06/2008|12:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
[03/06/2008|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[24/07/2008|19:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[14/05/2008|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[13/11/2008|14:05] C:\DOCUME~1\Famille\APPLIC~1\4shared Uploader
[28/10/2008|18:01] C:\DOCUME~1\Famille\APPLIC~1\Adobe
[17/05/2008|07:55] C:\DOCUME~1\Famille\APPLIC~1\Apple Computer
[06/11/2008|09:05] C:\DOCUME~1\Famille\APPLIC~1\BearShare
[10/06/2008|07:48] C:\DOCUME~1\Famille\APPLIC~1\Camfrog
[02/11/2008|13:41] C:\DOCUME~1\Famille\APPLIC~1\Daimler
[13/11/2008|15:50] C:\DOCUME~1\Famille\APPLIC~1\DMCache
[14/05/2008|20:23] C:\DOCUME~1\Famille\APPLIC~1\eu
[27/05/2008|18:49] C:\DOCUME~1\Famille\APPLIC~1\Google
[16/05/2008|14:18] C:\DOCUME~1\Famille\APPLIC~1\Help
[28/07/2008|11:23] C:\DOCUME~1\Famille\APPLIC~1\Help Junk Win
[09/06/2008|15:07] C:\DOCUME~1\Famille\APPLIC~1\HP
[14/05/2008|08:09] C:\DOCUME~1\Famille\APPLIC~1\Identities
[14/06/2008|23:31] C:\DOCUME~1\Famille\APPLIC~1\IDM
[08/11/2008|17:19] C:\DOCUME~1\Famille\APPLIC~1\Image Zone Express
[31/10/2008|08:44] C:\DOCUME~1\Famille\APPLIC~1\InstallShield
[06/11/2008|10:43] C:\DOCUME~1\Famille\APPLIC~1\LimeWire
[17/07/2008|19:49] C:\DOCUME~1\Famille\APPLIC~1\Macromedia
[13/11/2008|14:17] C:\DOCUME~1\Famille\APPLIC~1\Malwarebytes
[19/09/2008|17:51] C:\DOCUME~1\Famille\APPLIC~1\Microsoft
[14/05/2008|08:41] C:\DOCUME~1\Famille\APPLIC~1\Mozilla
[25/07/2008|10:48] C:\DOCUME~1\Famille\APPLIC~1\MxBoost
[16/05/2008|12:52] C:\DOCUME~1\Famille\APPLIC~1\Nero
[18/05/2008|17:43] C:\DOCUME~1\Famille\APPLIC~1\ooVoo Details
[15/05/2008|17:20] C:\DOCUME~1\Famille\APPLIC~1\Real
[14/05/2008|17:23] C:\DOCUME~1\Famille\APPLIC~1\Simple Star
[09/11/2008|20:05] C:\DOCUME~1\Famille\APPLIC~1\Skype
[03/10/2008|18:43] C:\DOCUME~1\Famille\APPLIC~1\StumbleUpon
[14/05/2008|20:24] C:\DOCUME~1\Famille\APPLIC~1\Sun
[16/05/2008|09:50] C:\DOCUME~1\Famille\APPLIC~1\Symantec
[28/05/2008|16:57] C:\DOCUME~1\Famille\APPLIC~1\TeraCopy
[02/11/2008|13:07] C:\DOCUME~1\Famille\APPLIC~1\Thinstall
[30/10/2008|17:05] C:\DOCUME~1\Famille\APPLIC~1\Ulead Systems
[06/06/2008|08:47] C:\DOCUME~1\Famille\APPLIC~1\vlc
[29/05/2008|11:41] C:\DOCUME~1\Famille\APPLIC~1\Winamp
[05/10/2008|17:46] C:\DOCUME~1\Famille\APPLIC~1\WinRAR
[10/06/2008|09:24] C:\DOCUME~1\Famille\APPLIC~1\Yahoo!

[14/05/2008|08:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[08/06/2008|12:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/11/2008 17:37][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{64E26B5D-4FB5-4392-A6F4-B87D9BFDA85D}.job
[13/11/2008 12:36][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[13/11/2008 09:39][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[13/11/2008 15:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 01:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[30/05/2008|18:02] C:\Program Files\Abdio
[28/10/2008|18:37] C:\Program Files\Adobe
[14/05/2008|08:49] C:\Program Files\Alwil Software
[22/10/2008|09:42] C:\Program Files\Apple Software Update
[26/05/2008|17:15] C:\Program Files\BearShare Applications
[15/05/2008|10:12] C:\Program Files\Bonjour
[01/06/2008|18:53] C:\Program Files\Borland
[31/07/2008|18:52] C:\Program Files\Camfrog
[13/08/2008|16:27] C:\Program Files\Caricature Software Inc
[29/05/2008|19:07] C:\Program Files\CCleaner
[14/05/2008|08:01] C:\Program Files\ComPlus Applications
[01/06/2008|19:28] C:\Program Files\Conduit
[31/05/2008|22:25] C:\Program Files\DDD Pool
[01/06/2008|18:50] C:\Program Files\douniamusic.com
[21/06/2008|15:02] C:\Program Files\Download Direct
[25/09/2008|10:05] C:\Program Files\ElcomSoft
[05/11/2008|20:12] C:\Program Files\eMule
[13/11/2008|15:47] C:\Program Files\Fichiers communs
[24/05/2008|19:16] C:\Program Files\Flash Memory Toolkit
[13/11/2008|16:08] C:\Program Files\FlashGet
[15/05/2008|09:59] C:\Program Files\FLV Player
[16/07/2008|09:01] C:\Program Files\Foxit Software
[10/06/2008|09:36] C:\Program Files\Full Speed
[18/06/2008|22:33] C:\Program Files\GlobFX
[24/07/2008|19:49] C:\Program Files\Google
[24/06/2008|20:28] C:\Program Files\Help Junk Win
[09/06/2008|14:31] C:\Program Files\Hewlett-Packard
[09/06/2008|14:33] C:\Program Files\HP
[13/11/2008|14:31] C:\Program Files\ImageConverter Plus
[02/06/2008|21:53] C:\Program Files\InstallShield
[06/11/2008|20:30] C:\Program Files\InstallShield Installation Information
[14/05/2008|08:15] C:\Program Files\Intel
[01/06/2008|18:55] C:\Program Files\InterBase Corp
[08/11/2008|16:42] C:\Program Files\Internet Download Manager
[16/10/2008|14:34] C:\Program Files\Internet Explorer
[15/05/2008|10:13] C:\Program Files\iPod
[15/05/2008|10:13] C:\Program Files\iTunes
[16/09/2008|16:34] C:\Program Files\Java
[23/09/2008|04:35] C:\Program Files\LimeWire
[03/10/2008|18:50] C:\Program Files\LizardTech
[13/11/2008|14:17] C:\Program Files\Malwarebytes' Anti-Malware
[13/06/2008|21:56] C:\Program Files\Maple 11
[14/05/2008|08:30] C:\Program Files\Marvell
[23/05/2008|11:46] C:\Program Files\Maxthon2
[14/08/2008|14:45] C:\Program Files\Messenger
[04/09/2008|10:42] C:\Program Files\Messenger Plus! Live
[14/05/2008|08:05] C:\Program Files\microsoft frontpage
[08/06/2008|12:06] C:\Program Files\Microsoft Office
[09/07/2008|22:33] C:\Program Files\Microsoft SQL Server
[14/05/2008|18:03] C:\Program Files\Microsoft Visual Studio
[08/06/2008|12:12] C:\Program Files\Microsoft Visual Studio 8
[14/05/2008|18:03] C:\Program Files\Microsoft Works
[08/06/2008|12:18] C:\Program Files\Microsoft.NET
[23/05/2008|12:22] C:\Program Files\Movie Maker
[13/11/2008|16:07] C:\Program Files\Mozilla Firefox 3 Beta 5
[14/05/2008|18:03] C:\Program Files\MSBuild
[31/05/2008|21:38] C:\Program Files\MSECache
[14/05/2008|08:00] C:\Program Files\MSN
[14/05/2008|08:01] C:\Program Files\MSN Gaming Zone
[15/05/2008|11:24] C:\Program Files\MSXML 4.0
[08/06/2008|12:16] C:\Program Files\MSXML 6.0
[03/06/2008|17:53] C:\Program Files\NeoTracePro
[14/05/2008|17:43] C:\Program Files\Nero
[14/05/2008|17:45] C:\Program Files\NeroInstall.bak
[14/05/2008|08:02] C:\Program Files\NetMeeting
[31/10/2008|09:00] C:\Program Files\NewBlue
[05/07/2008|14:14] C:\Program Files\Norton Ghost
[14/05/2008|08:01] C:\Program Files\Online Services
[23/05/2008|12:22] C:\Program Files\Outlook Express
[02/10/2008|08:16] C:\Program Files\PDF Blender
[12/06/2008|17:30] C:\Program Files\PDFCreator
[12/06/2008|17:28] C:\Program Files\PDFCreator Toolbar
[22/05/2008|12:22] C:\Program Files\Power Translator
[15/05/2008|10:12] C:\Program Files\QuickTime
[15/05/2008|08:39] C:\Program Files\Real
[25/09/2008|13:45] C:\Program Files\Reallusion
[14/05/2008|08:28] C:\Program Files\Realtek
[31/05/2008|20:30] C:\Program Files\ReflexiveArcade
[09/11/2008|16:54] C:\Program Files\Replay Media Catcher
[14/05/2008|16:56] C:\Program Files\SAMSUNG
[14/05/2008|08:03] C:\Program Files\Services en ligne
[29/05/2008|18:49] C:\Program Files\ShaPlus Google Translator
[06/11/2008|20:25] C:\Program Files\SmartSound Software
[08/10/2008|13:27] C:\Program Files\Spybot - Search & Destroy
[02/09/2008|19:32] C:\Program Files\StumbleUpon
[14/05/2008|20:03] C:\Program Files\Sun
[28/05/2008|21:52] C:\Program Files\Sun Microsystems
[15/05/2008|18:59] C:\Program Files\Symantec
[15/05/2008|08:47] C:\Program Files\Team Factor
[16/09/2008|15:40] C:\Program Files\TechSmith
[29/05/2008|07:36] C:\Program Files\TeraCopy
[20/05/2008|17:01] C:\Program Files\The Weather Channel FW
[13/11/2008|13:43] C:\Program Files\Trend Micro
[09/06/2008|18:30] C:\Program Files\Trillian
[06/11/2008|18:50] C:\Program Files\TubeMaster
[30/10/2008|15:20] C:\Program Files\Ulead Systems
[14/05/2008|08:09] C:\Program Files\Uninstall Information
[14/05/2008|20:05] C:\Program Files\Universalis
[13/11/2008|10:57] C:\Program Files\UsbFix
[06/06/2008|08:21] C:\Program Files\VideoLAN
[29/05/2008|11:25] C:\Program Files\Winamp
[16/05/2008|18:46] C:\Program Files\Winamp Remote
[14/05/2008|20:50] C:\Program Files\Windows Live
[30/10/2008|15:21] C:\Program Files\Windows Media Components
[14/05/2008|22:27] C:\Program Files\Windows Media Player
[14/05/2008|08:01] C:\Program Files\Windows NT
[14/05/2008|08:03] C:\Program Files\WindowsUpdate
[06/10/2008|08:36] C:\Program Files\WinRAR
[25/09/2008|10:06] C:\Program Files\Xara
[14/05/2008|08:05] C:\Program Files\xerox
[06/06/2008|12:52] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/10/2008|18:39] C:\Program Files\Fichiers communs\Adobe
[15/05/2008|10:11] C:\Program Files\Fichiers communs\Apple
[02/06/2008|23:39] C:\Program Files\Fichiers communs\Borland Shared
[14/05/2008|18:03] C:\Program Files\Fichiers communs\DESIGNER
[30/10/2008|16:31] C:\Program Files\Fichiers communs\eSellerate
[09/06/2008|14:29] C:\Program Files\Fichiers communs\Hewlett-Packard
[09/06/2008|14:33] C:\Program Files\Fichiers communs\HP
[28/05/2008|22:21] C:\Program Files\Fichiers communs\InstallShield
[30/10/2008|15:23] C:\Program Files\Fichiers communs\InterVideo
[14/05/2008|19:33] C:\Program Files\Fichiers communs\Java
[08/06/2008|12:07] C:\Program Files\Fichiers communs\Merge Modules
[30/10/2008|15:18] C:\Program Files\Fichiers communs\Microsoft Shared
[14/05/2008|08:02] C:\Program Files\Fichiers communs\MSSoap
[14/05/2008|17:21] C:\Program Files\Fichiers communs\Nero
[14/05/2008|08:49] C:\Program Files\Fichiers communs\ODBC
[15/05/2008|08:40] C:\Program Files\Fichiers communs\Real
[14/05/2008|08:02] C:\Program Files\Fichiers communs\Services
[14/05/2008|17:44] C:\Program Files\Fichiers communs\Simple Star Shared
[14/05/2008|08:54] C:\Program Files\Fichiers communs\snpstd3
[14/05/2008|08:48] C:\Program Files\Fichiers communs\SpeechEngines
[26/10/2008|15:57] C:\Program Files\Fichiers communs\SureThing Shared
[15/05/2008|18:59] C:\Program Files\Fichiers communs\Symantec Shared
[15/05/2008|11:25] C:\Program Files\Fichiers communs\System
[30/10/2008|15:21] C:\Program Files\Fichiers communs\Ulead Systems
[14/05/2008|18:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/09/2008|15:39] C:\Program Files\Fichiers communs\Wise Installation Wizard
[15/05/2008|08:40] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 17:39:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Famille\Favoris\Menu des marque-pages\Cours\Crack rapidshare délai d'attente et de télécharger limite »Ma vie numérique.URL


[F:73][D:3]-> C:\DOCUME~1\Famille\LOCALS~1\Temp
[F:9][D:0]-> C:\DOCUME~1\Famille\Cookies
[F:2][D:0]-> C:\DOCUME~1\Famille\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/11/2008|17:14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/11/2008|17:40 - Option : [2]

--------------------\\ Fin du rapport a 17:40:29

Qui t'anonce ça ? ou tu le vois ?

SmitFraudFix v2.375

Rapport fait à 18:12:43,65, 13/11/2008
Executé à partir de C:\Documents and Settings\Famille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Famille\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Famille


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Famille\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Famille\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Famille\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Famille/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Famille/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 208.67.222.222
DNS Server Search Order: 208.67.220.220

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE357FA4-B163-4CEB-8E4A-CC139B66AE17}: NameServer=208.67.222.222 208.67.220.220
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AE357FA4-B163-4CEB-8E4A-CC139B66AE17}: NameServer=208.67.222.222 208.67.220.220


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin