Problem restoring Windows files

pistole Posts 13 Registration date   Status Member -
Hello, 25-02-09
I hope someone can help me. I have several problems after a flood of viruses: win32 (13), adware (10), trojan (43) and rootkit (7).
I should say that I had Norton 2005; I removed it and installed avast, which is what got rid of the viruses for me.
I cannot install the IE7 updates, and the toolbar is gone.
I had to reinstall version 6.
Another problem, for example with IZArc: when I right-click I no longer have the
functions (extract to, extract here) and so on. I did a restore of the Windows files with
the command (%windir%\inf); it did nothing.
I tried to scan the disk with the command sfc /scannow; I am asked to insert the XP Pro CD although I have XP Home SP2. I put the CD in before running the command,
but I have installed Service Pack 3; is that the reason?
When I type the command regsvr32 /i mshtml I get an error message
(dllinstall dans mshtml a échoué le code renvoyé était :0x80070005)
For the moment these are the only problems I see.
I am attaching a HijackThis report in case someone can help me.
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:11, on mercredi 25 février 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\C\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\C\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\C\system32\spoolsv.exe
C:\C\system32\ASTSRV.EXE
C:\C\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\C\system32\nvsvc32.exe
C:\C\System32\snmp.exe
C:\C\system32\svchost.exe
C:\C\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\C\system32\ctfmon.exe
C:\C\system32\WTablet\TabUserW.exe
C:\C\Explorer.EXE
C:\C\system32\Tablet.exe
C:\Program Files\RapidExe\RapidExe.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\C\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\C\etMon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe
C:\Program Files\Clocks-Sounds\ClockSnd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\C\system32\HPZipm12.exe
C:\C\system32\cidaemon.exe
C:\Program Files\sTabLauncher\sTabLauncher.exe
C:\C\system32\wuauclt.exe
G:\vmc.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petit\Mes documents\1 Fichier temporaire\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?checklang=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\C\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
O2 - BHO: (no name) - {6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RapidExe] "C:\Program Files\RapidExe\RapidExe.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\C\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [WMAAD] "C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] "C:\C\system32\RUNDLL32.EXE" C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] "C:\C\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\C\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [etMonitor] "C:\C\etMon.exe"
O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WonderKeys] "C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Clocks-Sounds] "C:\Program Files\Clocks-Sounds\ClockSnd.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VMCL] "C:\Program Files\vodafone\vmclite\DongleEnumerator.exe"
O4 - HKCU\..\Run: [unilex06] C:\Program Files\Micro Application\La grande Encyclopédie 2006\tft.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyTrashCan.lnk = C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra 'Tools' menuitem: &MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DDE993F-88D2-430E-BF32-7D5205FA9130}: NameServer = 212.73.32.3 212.73.32.67
O20 - Winlogon Notify: rqrqqnl - rqrqqnl.dll (file missing)
O20 - Winlogon Notify: xxyxusTM - xxyxusTM.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\C\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KCHOVRI - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\KCHOVRI.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LESF - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\LESF.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\C\system32\Tablet.exe
O23 - Service: UJGABHKO - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\UJGABHKO.exe (file missing)
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 15191 bytes
Configuration: Windows XP Home Edition 2002 pack 3
Computer: AMD Athlon(tm)64 processor 3200+  2.21GHz
Browser: IE7 and Google Chrome
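
As an added example (not part of the original thread and not a HijackThis feature), the Python script below triages HijackThis entries of the kind visible in the log above: registrations whose file is gone and services whose image path points into a Temp directory. The rule set and the function names are assumptions made for illustration; the sample lines are a small subset copied from the log in this post.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Subset of the log posted above, copied verbatim (not the full report).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: rqrqqnl - rqrqqnl.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: KCHOVRI - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\KCHOVRI.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
"""


def reasons_for(section, body):
    """Return the (hypothetical) triage reasons that apply to one entry."""
    reasons = []
    # Registry entry still present, but HijackThis found no file behind it.
    if body.endswith("(no file)"):
        reasons.append("registered but no file on disk")
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O23":
        # Printed when no company name could be read for the service binary.
        if " - Unknown owner - " in body:
            reasons.append("service binary has no company name")
        # Legitimate services are not normally installed under a Temp folder.
        if TEMP_DIR.search(body):
            reasons.append("service runs from a Temp directory")
    return reasons


def triage(log_text):
    """Return (section, reasons, entry) tuples, most reasons first."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        section, body = match.groups()
        reasons = reasons_for(section, body)
        if reasons:
            findings.append((section, tuple(reasons), body))
    # Stable sort: entries with equal counts keep their order in the log.
    findings.sort(key=lambda item: len(item[1]), reverse=True)
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"[{section}] {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

A single reason on its own (for example the Sony service with no company name) is only a prompt to look closer; entries that combine several reasons are the ones to review first.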

15 replies

  1. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Vundo infection:

    Download Malwarebytes

    NB: If you are missing COMCTL32.OCX, download it here

    Install it; the program will update itself automatically.

    Once it is up to date, the program will start; click the Settings tab and tick the box "Close Internet Explorer during removal".

    Now click the Scan tab and tick the box "Perform a full scan".

    Then click "Scan".

    Let it scan the PC...

    If items were found > click Remove Selected.

    If you are asked to restart > click "yes".

    At the end a report will open; save it so that you can find it again in order to post it on the forum.
    Copy and paste the report, please.

    PS: the reports are also stored under the Reports/Logs tab

    Tutorials

    0
  2. pistole Posts 13 Registration date   Status Member
     
    Hello
    Thank you for replying to my message so quickly.
    And sorry for not replying sooner, but I only have internet access at 17:00.
    And my computer crashed after 2h15 of scanning.
    I looked for the file COMCTL32.OCX; it is indeed in system 32 (version 6.00.8106).
    I did as you said in your message; Malwarebytes detected nothing.
    And here is the report:
    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1778
    Windows 5.1.2600 Service Pack 3

    jeudi 26 février 2009 23:05:50
    mbam-log-2009-02-26 (23-05-50).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 373835
    Temps écoulé: 3 hour(s), 37 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  3. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    OK, then you are going to do this for me:

    Do this and post the report for me after the question "are you being helped by someone". Thank you.

    Download GenProc to your desktop (note: the file is a zip file)
    Unzip the folder, double-click GenProc.bat
    Finally, post the contents of the report that is displayed.
    How to use GenProc

    For those who have Vista, do not forget to disable User Account Control

    0
  4. pistole Posts 13 Registration date   Status Member
     
    Good evening
    I do not understand the meaning of the first sentence (are you being helped by someone. Thank you.)
    Also, I downloaded the tools indicated in the GenProc report but I cannot find
    the file RunThis.cmd; there is a RunThis file, but in bat format.
    But it is getting late; the rest will be for tomorrow.
    Many thanks for your help
    0
  6. pistole Posts 13 Registration date   Status Member
     
    Hello

    I did as you asked with the tools
    Toolbar-S&D
    ComboFix
    SDfix
    But I made a mistake at the message
    ("The Recovery Console was successfully installed", you must click NO)
    I think I clicked yes
    And I forgot to run CCleaner before restarting

    I don't think it worked; I still have no context menu with IZArc
    I uninstalled and reinstalled it; now I get this message:

    (C:\Program Files\IZArc\IZArcCM.dll Unable to register the DLL/OCX: RegSvr32 failed with exit code 0x5. Click Retry to try again, Ignore to proceed anyway (not recommended), or Abort to cancel installation.)

    With the command regsvr32 /i mshtml I still get this message
    DllInstall dans mshtml a échoué le code renvoyé était :0x80070005

    I have not yet tried to reinstall IE7
    I await your advice

    Here are the reports

    ComboFix 09-02-26.01 - Petit 2009-02-27 9:07:43.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.934 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Petit\Mes documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\c\system32\wi\

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-27 08:38 . 2009-02-27 08:38 <REP> d-------- c:\c\ERUNT
    2009-02-27 08:33 . 2009-02-27 08:36 <REP> d-------- C:\ToolBar SD
    2009-02-26 14:14 . 2009-02-26 14:14 <REP> d-------- c:\program files\Foxit Software
    2009-02-25 17:05 . 2009-01-09 20:19 1,089,883 -----c--- c:\c\system32\dllcache\ntprint.cat
    2009-02-24 18:49 . 2009-02-24 18:49 <REP> d-------- c:\c\system32\CatRoot_bak
    2009-02-24 16:40 . 2007-01-08 05:04 184,320 --a------ c:\c\system32\JustWrite.dll
    2009-02-24 16:40 . 2007-01-09 14:25 94,208 --a------ c:\c\JWOSetup.exe
    2009-02-24 16:18 . 2009-02-24 16:47 <REP> d-------- c:\program files\JustWrite Office
    2009-02-24 16:18 . 2007-01-07 21:18 170,496 --a------ c:\c\JwPackP2.ppa
    2009-02-24 16:18 . 2005-12-14 11:42 117,248 --a------ c:\c\JwPackP1.ppa
    2009-02-24 16:18 . 2007-01-07 21:19 43,533 --a------ c:\c\JwPackP.ppam
    2009-02-23 12:29 . 2009-02-23 12:47 <REP> d-------- c:\program files\PowerStrip
    2009-02-22 15:31 . 2009-02-22 15:31 224 --a------ c:\c\system32\spupdsvc.inf
    2009-02-22 15:21 . 2009-02-22 15:21 329 --a------ c:\c\Fix IE Log.tBAK
    2009-02-21 19:09 . 2009-02-22 18:46 <REP> d-------- c:\program files\IZArc
    2009-02-20 13:03 . 2002-04-09 20:34 839,729 --------- c:\c\system32\python22.dll
    2009-02-17 10:56 . 2009-02-17 10:56 <REP> d-------- c:\program files\Anti-Rootkit
    2009-02-16 20:05 . 2009-02-16 20:05 8,576 --a------ c:\c\system32\drivers\gecsvbqrwiyg.sys
    2009-02-16 10:46 . 2009-02-16 17:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-16 10:46 . 2009-02-16 10:46 <REP> d-------- c:\documents and settings\Petit\Application Data\Malwarebytes
    2009-02-16 10:46 . 2009-02-16 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-16 10:46 . 2009-02-11 10:19 38,496 --a------ c:\c\system32\drivers\mbamswissarmy.sys
    2009-02-16 10:46 . 2009-02-11 10:19 15,504 --a------ c:\c\system32\drivers\mbam.sys
    2009-02-14 16:35 . 2009-02-14 16:35 <REP> d-------- C:\System32
    2009-02-14 16:00 . 2004-10-01 08:08 18,048 -ra------ c:\c\system32\drivers\pl40rwdm.sys
    2009-02-14 15:57 . 2009-02-14 15:57 <REP> d-------- c:\program files\CASIO
    2009-02-13 19:05 . 2009-02-13 19:05 <REP> d-------- c:\documents and settings\Petit\Application Data\Uniblue
    2009-02-11 15:01 . 2009-02-12 17:25 <REP> d-------- C:\WTablet
    2009-02-11 11:13 . 2009-02-11 11:13 0 --a------ c:\c\system32\KZHF
    2009-02-11 11:07 . 2009-02-11 11:07 0 --a------ c:\c\system32\WI
    2009-02-10 18:53 . 2009-02-10 18:53 <REP> d-------- c:\program files\Windows Resource Kits
    2009-02-10 12:11 . 2009-02-10 12:11 <REP> d-------- c:\program files\CCleaner
    2009-02-09 18:57 . 2008-04-29 13:11 <REP> d-------- C:\SDFX
    2009-02-09 01:02 . 2009-02-09 01:03 <REP> d-------- C:\1714118ba6b7b8e7b608a7814405c9f0
    2009-02-08 22:56 . 2009-02-13 17:40 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-07 12:06 . 2009-02-07 12:07 <REP> d-------- c:\documents and settings\Petit\Application Data\Sibelius Software
    2009-02-07 12:06 . 2009-02-07 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Sibelius Software
    2009-02-07 12:06 . 2009-02-07 12:06 604 --ah----- c:\c\T4
    2009-02-07 12:06 . 2009-02-07 12:06 604 --ah----- c:\c\system32\T3
    2009-02-07 12:00 . 2009-02-11 11:30 <REP> dr------- c:\program files\Sibelius Software
    2009-02-07 10:54 . 2009-02-07 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-06 20:41 . 2009-02-06 20:41 <REP> d-------- c:\program files\Alwil Software
    2009-02-06 20:28 . 2009-02-09 20:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-02-06 20:26 . 2008-09-08 23:38 88,576 --a------ c:\c\system32\AntiXPVSTFix.exe
    2009-02-06 16:12 . 2009-02-06 16:57 <REP> d-------- c:\documents and settings\Petit\Application Data\AKVIS LLC
    2009-02-06 15:46 . 2009-02-09 14:13 <REP> d-------- c:\program files\AKVIS
    2009-02-05 21:45 . 2009-02-05 21:45 <REP> d-------- c:\documents and settings\Petit\Application Data\KORG
    2009-02-05 21:44 . 2009-02-05 22:29 <REP> d-------- c:\program files\KORG Legacy
    2009-02-05 21:44 . 2009-02-05 21:44 <REP> d-------- c:\program files\Fichiers communs\KORG
    2009-02-05 21:44 . 2009-02-05 21:44 <REP> d-------- c:\documents and settings\All Users\Application Data\KORG
    2009-02-05 20:32 . 2009-02-08 22:36 4 --a------ c:\c\system32\gaopdxcounte_
    2009-02-05 20:20 . 2009-02-05 20:20 <REP> d-------- c:\documents and settings\Petit\Application Data\ACAMPREF
    2009-02-05 17:46 . 2009-02-05 23:15 <REP> d-------- c:\program files\Pianoteq 2.3
    2009-02-04 17:57 . 2009-02-24 17:23 <REP> d-------- c:\program files\VST
    2009-02-04 15:04 . 2009-02-04 15:04 <REP> d-------- C:\Psfonts
    2009-02-04 15:04 . 2009-02-04 15:04 3,090 --a------ c:\c\winiini.fin
    2009-02-03 15:48 . 2009-02-03 15:48 <REP> d-------- C:\KXDATAS
    2009-02-03 12:42 . 2009-02-03 12:42 <REP> d-------- c:\c\Icõnes
    2009-02-02 15:23 . 2009-02-02 15:23 <REP> d-------- c:\program files\KeyToSound
    2009-02-01 15:14 . 2009-02-01 15:14 <REP> d-------- c:\program files\Syncrosoft
    2009-02-01 15:14 . 2005-02-01 04:34 700,416 --a------ c:\c\system32\SYNSOACC.dll
    2009-02-01 15:14 . 2004-05-11 00:58 147,456 --a------ c:\c\system32\SynsoLChk.dll
    2009-02-01 15:14 . 2003-08-01 05:28 147,425 --a------ c:\c\system32\SYNSOACC-Aide.chm
    2009-02-01 15:14 . 2003-05-27 00:29 120,468 --a------ c:\c\system32\SYNSOACC-Hilfe.chm
    2009-02-01 15:14 . 2003-05-27 00:29 114,279 --a------ c:\c\system32\SYNSOACC-Help.chm
    2009-02-01 15:14 . 2002-11-25 17:36 45,056 --a------ c:\c\system32\Synsopos.exe
    2009-02-01 15:14 . 2001-04-09 14:03 17,784 --a------ c:\c\system32\drivers\NSynas32.sys
    2009-02-01 07:46 . 2009-02-20 15:49 16 --a------ c:\c\system32\w3data.vss
    2009-02-01 07:46 . 2009-02-20 15:49 16 --a------ c:\c\msocreg32.dat
    2009-02-01 07:37 . 2009-02-01 07:37 <REP> d-------- c:\program files\IK Multimedia
    2009-01-31 18:42 . 2009-02-02 16:35 <REP> d-------- c:\documents and settings\Petit\Chainer
    2009-01-31 18:00 . 2009-01-31 18:00 <REP> d-------- c:\documents and settings\Petit\arcdevsbs
    2009-01-31 17:21 . 2009-01-31 17:21 <REP> d-------- c:\program files\Chainer
    2009-01-31 17:21 . 2009-01-31 17:21 <REP> d-------- c:\documents and settings\Petit\Application Data\Xlutop
    2009-01-31 13:30 . 2009-01-31 13:32 <REP> d-------- c:\documents and settings\Petit\Application Data\Pouchin TV Mod
    2009-01-29 16:50 . 2009-01-29 16:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Audio Damage
    2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\program files\Fichiers communs\PACE Anti-Piracy
    2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\documents and settings\Petit\Application Data\PACE Anti-Piracy
    2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
    2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\UVISoundBanks
    2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\Propellerhead
    2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\InterLok
    2009-01-28 17:02 . 2009-01-28 17:02 <REP> d-------- c:\program files\Fichiers communs\UVI
    2009-01-28 17:02 . 2008-06-01 17:55 1,719,296 --a------ c:\c\system32\libsndfile-1.dll
    2009-01-27 19:34 . 2009-01-27 19:34 <REP> d-------- c:\documents and settings\Petit\Application Data\Propellerhead Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 07:50 --------- d-----w c:\documents and settings\Petit\Application Data\WTablet
    2009-02-27 07:50 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2009-02-27 04:51 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-26 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-26 13:03 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-02-24 15:57 --------- d-----w c:\documents and settings\Petit\Application Data\JustWrite Office
    2009-02-24 15:18 --------- d-----w c:\documents and settings\Petit\Application Data\InstallShield Installation Information
    2009-02-24 15:14 --------- d-----w c:\program files\Tablet
    2009-02-20 14:22 --------- d-----r c:\program files\Instrument Virtuel
    2009-02-20 12:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-19 14:23 --------- d-----w c:\program files\Micro Application
    2009-02-18 15:12 --------- d-----w c:\documents and settings\Petit\Application Data\cerasus.media
    2009-02-16 16:38 --------- d-----w c:\program files\Windows Live Safety Center
    2009-02-15 19:23 --------- d-----w c:\program files\MSECache
    2009-02-13 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-13 14:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-07 17:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-02-07 15:13 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2009-02-07 11:06 604 ---ha-w c:\program files\STLL Notifier
    2009-02-05 19:20 1,409 -c--a-w c:\c\Fonts\SToccata.fot
    2009-02-03 18:39 --------- d-----r c:\program files\Arturia
    2009-02-03 11:53 --------- d-----r c:\program files\Steinberg
    2009-02-01 14:26 --------- d-----w c:\documents and settings\Petit\Application Data\Steinberg
    2009-01-30 14:16 --------- d-----w c:\program files\VirtualCloneDrive
    2009-01-28 15:35 --------- d-----w c:\program files\PNotes
    2009-01-20 16:12 188 ----a-w C:\Delme.bat
    2009-01-20 15:42 --------- d-----w c:\program files\Compil Games
    2009-01-19 15:36 --------- d-----w c:\program files\VPLauncher
    2009-01-19 15:36 --------- d-----w c:\program files\Future Pinball
    2009-01-19 15:13 --------- d-----w c:\program files\Visual Pinball
    2009-01-18 17:08 --------- d-----w c:\documents and settings\Petit\Application Data\Teragon Audio
    2009-01-16 15:21 --------- d-----w c:\program files\Power Tab Software
    2009-01-16 14:50 --------- d-----w c:\documents and settings\Petit\Application Data\SynthFont
    2009-01-16 11:39 --------- d-----w c:\documents and settings\Petit\Application Data\Flux
    2009-01-15 17:55 --------- d-----w c:\program files\Flux
    2009-01-12 20:05 --------- d-----w c:\documents and settings\Petit\Application Data\LinPlug
    2009-01-11 10:39 --------- d-----w c:\program files\u-he
    2009-01-10 18:36 --------- d-----w c:\documents and settings\Petit\Application Data\Audacity
    2009-01-09 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
    2009-01-07 18:06 --------- d-----w c:\program files\Internet Digital Radio Tuner
    2009-01-04 20:36 18 ----a-w c:\documents and settings\Petit\ambt.dat
    2008-12-31 16:04 691,560 ----a-w c:\c\system32\OGACheckControl.dll
    2008-12-31 16:04 528,744 ----a-w c:\c\system32\OGAVerify.exe
    2008-12-31 16:04 502,120 ----a-w c:\c\system32\OGAAddin.dll
    2008-12-22 16:19 44,544 ------w c:\c\AWuninstall.exe
    2008-12-22 15:36 1,483,523 ----a-w c:\c\Snowmen.scr
    2008-12-20 10:39 1,087,738 ----a-w c:\c\Getting Ready .scr
    2007-07-04 13:50 66 ----a-w c:\documents and settings\Petit\Petit_notes.dat
    2006-11-29 15:48 4,096 -c--a-w c:\documents and settings\Petit\log.dat
    1998-08-24 11:09 10,000 -c--a-w c:\c\inf\unregpn.exe
    2006-02-08 11:52 54,976 ----a-w c:\program files\internet explorer\plugins\SwDir.dll
    2006-09-10 12:59 8,192 -csha-w c:\c\o2cLicStore.bin
    2008-07-11 17:49 848 --sha-w c:\c\system32\KGyGaAvL.sys
    2008-05-08 16:45 32,768 --sha-w c:\c\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050820080509\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-27_ 6.17.36.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 14:27:04 163,328 ----a-w c:\c\ERUNT\SDFIX\ERDNT.EXE
    + 2009-02-27 07:38:18 27,738,112 ----a-w c:\c\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2009-02-27 07:38:18 3,489,792 ----a-w c:\c\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 14:27:04 163,328 ----a-w c:\c\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2009-02-27 07:38:15 27,738,112 ----a-w c:\c\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2009-02-27 07:38:15 3,489,792 ----a-w c:\c\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2009-02-27 07:50:11 16,384 ------w c:\c\temp\Perflib_Perfdata_558.dat
    + 2009-02-27 07:50:12 16,384 ------w c:\c\temp\Perflib_Perfdata_6e0.dat
    + 2009-02-27 07:50:23 16,384 ------w c:\c\temp\Perflib_Perfdata_774.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
    "WonderKeys"="c:\program files\Esterel-Tech\WonderKeys\wonderkeys.exe" [2007-12-28 2329600]
    "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-14 1957888]
    "Clocks-Sounds"="c:\program files\Clocks-Sounds\ClockSnd.exe" [2003-10-30 225280]
    "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "VMCL"="c:\program files\vodafone\vmclite\DongleEnumerator.exe" [2007-04-16 131072]
    "unilex06"="c:\program files\Micro Application\La grande Encyclopédie 2006\tft.exe" [2005-03-17 61440]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]
    "Google Update"="c:\documents and settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-19 133104]
    "ctfmon.exe"="c:\c\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-01-20 1451248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RapidExe"="c:\program files\RapidExe\RapidExe.exe" [2004-02-27 601088]
    "SideWinderTrayV4"="c:\progra~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 24649]
    "NeroFilterCheck"="c:\c\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120]
    "WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
    "Logitech Hardware Abstraction Layer"="c:\c\KHALMNPR.EXE" [2008-02-29 76304]
    "VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
    "NvCplDaemon"="c:\c\system32\NvCpl.dll" [2008-09-17 13574144]
    "nwiz"="c:\c\system32\nwiz.exe" [2008-09-17 1657376]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "Kernel and Hardware Abstraction Layer"="c:\c\KHALMNPR.EXE" [2008-02-29 76304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "etMonitor"="c:\c\etMon.exe" [2005-07-26 40960]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SMKRun"="c:\program files\JustWrite Office\ScreenMark.exe" [2007-01-08 118784]
    "NvMediaCenter"="NvMCTray.dll" [2008-09-17 c:\c\system32\nvmctray.dll]
    "JWOSetup"="JWOSetup.exe" [2007-01-09 c:\c\JWOSetup.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\c\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\Petit\Menu Démarrer\Programmes\Démarrage\
    MyTrashCan.lnk - c:\program files\hiro's tool\MyTrashCan\MyTrashCan.exe [2007-12-28 263168]
    Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-07-22 118784]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-01 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqnl]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxusTM]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "VIDC.VDOM"= vdowave.drv
    "midi1"= myokent.dll
    "VIDC.dvsd"= c:\program files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
    "c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\c\system32\drivers\sfsync03.sys [2005-12-06 35328]
    R1 aswSP;avast! Self Protection;c:\c\system32\drivers\aswSP.sys [2009-02-08 114768]
    R1 LADriver;LADriver;c:\c\system32\drivers\LADriver.sys [2006-08-10 27136]
    R1 LDDriver;LDDriver;c:\c\system32\drivers\LDDriver.sys [2006-08-10 24064]
    R1 LHDriver;LHDriver;c:\c\system32\drivers\LHDriver.sys [2006-08-10 14336]
    R1 SSHDRV85;SSHDRV85;c:\c\system32\drivers\SSHDRV85.sys [2008-03-08 78848]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\c\system32\ASTSRV.EXE [2008-11-05 57344]
    R2 aswFsBlk;aswFsBlk;c:\c\system32\drivers\aswFsBlk.sys [2009-02-08 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 CLEDX;Team H2O CLEDX service;c:\c\system32\drivers\cledx.sys [2009-01-01 33792]
    R3 DCamUSBET;ET USB 2710 Camera;c:\c\system32\drivers\etDevice.sys [2006-08-04 88704]
    R3 FiltUSBET;ET USB Device Lower Filter;c:\c\system32\drivers\etFilter.sys [2006-08-04 102912]
    R3 ScanUSBET;ET USB Still Image Capture Device;c:\c\system32\drivers\etScan.sys [2006-08-04 5760]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-08-22 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-08-22 67760]
    S3 KCHOVRI;KCHOVRI;c:\docume~1\Petit\LOCALS~1\Temp\KCHOVRI.exe --> c:\docume~1\Petit\LOCALS~1\Temp\KCHOVRI.exe [?]
    S3 LESF;LESF;c:\docume~1\Petit\LOCALS~1\Temp\LESF.exe --> c:\docume~1\Petit\LOCALS~1\Temp\LESF.exe [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\c\system32\22.tmp --> c:\c\system32\22.tmp [?]
    S3 PL-40R;CASIO USB MIDI;c:\c\system32\drivers\pl40rwdm.sys [2009-02-14 18048]
    S3 PortTalk;PortTalk;c:\c\system32\Drivers\PortTalk.sys --> c:\c\system32\Drivers\PortTalk.sys [?]
    S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\c\system32\drivers\SWUSBFLT.SYS [2006-07-29 3968]
    S3 UJGABHKO;UJGABHKO;c:\docume~1\Petit\LOCALS~1\Temp\UJGABHKO.exe --> c:\docume~1\Petit\LOCALS~1\Temp\UJGABHKO.exe [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bbe80a6-6de0-11dc-a8b5-ee96b21a97e2}]
    \Shell\AutoRun\command - G:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf2b966-6dc9-11dc-a8b4-d08540cc52ee}]
    \Shell\AutoRun\command - G:\VMC_PBStarter.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf2b967-6dc9-11dc-a8b4-d08540cc52ee}]
    \Shell\AutoRun\command - G:\VMC_PBStarter.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-27 c:\c\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-839522115-1004.job
    - c:\documents and settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-19 19:11]

    2009-02-27 c:\c\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-02-26 c:\c\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]

    2009-02-27 c:\c\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    BHO-{5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
    BHO-{6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
    BHO-{89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
    BHO-{96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
    BHO-{F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)

    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Download All by Gigaget
    IE: &Download by Gigaget
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    IE: Download with Rapget
    IE: E&xporter vers Microsoft Excel
    IE: Transfert par Image Converter 3
    IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\MesFavoris\MesFavoris
    DPF: Microsoft XML Parser for Java - file:///C:/C/Java/classes/xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 09:09:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet011\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\c\system32\22.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\*]
    @DACL=(02 0000)
    "QuickTip"="prop:Type;Size;Write"
    "InfoTip"="prop:Type;DocAuthor;DocTitle;DocSubject;DocComments;Write;Size"
    "AlwaysShowExt"=""
    "TileInfo"="prop:Type;Size"

    [HKEY_LOCAL_MACHINE\software\Classes\*\Shell]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\avast]
    @DACL=(02 0000)
    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\ImageConverter3]
    @DACL=(02 0000)
    @="{C6643EC0-49AC-4c15-A455-04104DB900A9}"

    [HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\IZArcCM]
    @DACL=(02 0000)
    @="{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

    [HKEY_LOCAL_MACHINE\software\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu]
    @DACL=(02 0000)
    @="{7444C719-39BF-11D1-8CD9-00C04FC29D45}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•9~ *]
    "C040111900063D11C8EF10054038389C"="C?\\C\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(628)
    c:\c\system32\myokent.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(692)
    c:\c\system32\myokent.dll
    .
    Heure de fin: 2009-02-27 9:11:43
    ComboFix-quarantined-files.txt 2009-02-27 08:11:09
    ComboFix2.txt 2009-02-27 05:27:50
    ComboFix3.txt 2009-02-27 05:18:51

    Avant-CF: 182.988.087.296 octets libres
    Après-CF: 182,967,197,696 octets libres

    Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,10,11,12
    352 --- E O F --- 2009-02-26 23:24:18

    SDFix: Version 1.240
    Run by Petit on ven. 27 févr. 2009 at 08:43

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\Petit\Mes documents\Downloads\SDFix

    Checking Services:

    Name:
    ztx86

    Path:
    \??\C:\C\system32\ztx86.sys

    ztx86 - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Checking Files:

    Trojan Files Found:

    C:\C\system32\ztx86.sys - Deleted

    Removing Temp Files

    ADS Check:

    C:\C
    :AstInfo 0
    Total size: 0 bytes.
    C: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

    Checking for remaining Streams

    C:\C
    :AstInfo 0
    Total size: 0 bytes.

    Final Check:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 08:57:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:14f06242
    "s1"=dword:3c0ee5a1
    "s2"=dword:465bd50f
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG]
    "Migrated"=hex(b):c0,83,b1,4b,2e,04,c7,01
    "S-1-5-18"="\0"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27FA90AA-4079-0052-3540-FF7A67CA9F94}]
    "japiajncakjmcdcjenme"=hex:6d,61,64,63,64,64,6f,6f,6e,62,61,6f,70,62,68,69,66,6f,61,62,6d,..
    "iafockglehjnegjhmo"=hex:6d,61,64,63,64,64,6f,6f,6e,62,61,6f,70,62,68,69,66,6f,61,62,6d,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
    "C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:

    File Backups: - C:\DOCUME~1\Petit\MESDOC~1\DOWNLO~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Thu 5 Aug 2004 32 ...H. --- "C:\C\ialig.dll"
    Mon 14 Apr 2008 16 ...H. --- "C:\C\system32\a6yzr1n.dll"
    Mon 14 Apr 2008 16 ...H. --- "C:\C\system32\jgpocfn.dll"
    Fri 11 Jul 2008 848 A.SH. --- "C:\C\system32\KGyGaAvL.sys"
    Wed 3 Nov 1999 2,045 ...H. --- "C:\C\system32\whls32a.dll"
    Mon 29 Jan 2007 2 A..H. --- "C:\Documents and Settings\Petit\HYPERRUN.TMP"
    Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Fri 17 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 7 Oct 2007 3,775 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4A.tmp"
    Thu 13 Nov 2008 280,968 ...H. --- "C:\C\SoftwareDistribution\Download\715300e976215e2808461d144700fa9e\BIT16.tmp"
    Sat 17 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 9 Dec 2008 2,668 A..H. --- "C:\Program Files\Adobe\Adobe Photoshop CS2\Modules externes\Plugin\KPT6\MetaImage.dll"

    Finished!

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Petit ( Administrator )
    BOOT : Fail-safe boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090226-0] 4.8.1335 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:172 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    H:\ (CD or DVD)
    M:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( ven. 27 févr. 2009| 8:34 )
    C:\C\iun6002.exe

    -----------\\ SUPPRESSION

    Supprime! - C:\C\iun6002.exe

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\C\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/nl-be?checklang=1"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Boom Boom Crack 104.idrumproject
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Desktop.ini
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Info.plist
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\PkgInfo
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources\iDrum.kit
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Samples\Snares\Crack! Snare.aif
    C:\DOCUME~1\Petit\Mes documents\SAMPLES\BRUITS\CRACK.WAV

    1 - "C:\ToolBar SD\TB_1.txt" - ven. 27 févr. 2009| 8:36 - Option : [2]

    -----------\\ Fin du rapport a 8:36:02,98

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:46:45, on vendredi 27 février 2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\C\System32\smss.exe
    C:\C\system32\winlogon.exe
    C:\C\system32\services.exe
    C:\C\system32\lsass.exe
    C:\C\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\C\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\C\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\C\system32\spoolsv.exe
    C:\C\system32\ASTSRV.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\C\system32\nvsvc32.exe
    C:\C\system32\HPZipm12.exe
    C:\C\System32\snmp.exe
    C:\C\system32\svchost.exe
    C:\C\system32\Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\C\system32\WTablet\TabUserW.exe
    C:\C\system32\ctfmon.exe
    C:\C\system32\Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\C\Explorer.EXE
    C:\Program Files\RapidExe\RapidExe.exe
    C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
    C:\C\system32\RunDLL32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\C\etMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe
    C:\Program Files\Clocks-Sounds\ClockSnd.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\C\system32\wuauclt.exe
    G:\PhoneConnectorVMC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Outils de Réparation\HijackThis 2.0.2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?checklang=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\C\system32\gigagetbho_v10.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
    O2 - BHO: (no name) - {6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: (no name) - {89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [RapidExe] "C:\Program Files\RapidExe\RapidExe.exe"
    O4 - HKLM\..\Run: [SideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\C\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [WMAAD] "C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\C\system32\RUNDLL32.EXE" C:\C\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\C\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\C\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [etMonitor] "C:\C\etMon.exe"
    O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
    O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WonderKeys] "C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [Clocks-Sounds] "C:\Program Files\Clocks-Sounds\ClockSnd.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [VMCL] "C:\Program Files\vodafone\vmclite\DongleEnumerator.exe"
    O4 - HKCU\..\Run: [unilex06] C:\Program Files\Micro Application\La grande Encyclopédie 2006\tft.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\C\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MyTrashCan.lnk = C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
    O9 - Extra 'Tools' menuitem: &MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: rqrqqnl - C:\C\
    O20 - Winlogon Notify: xxyxusTM - C:\C\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\C\system32\ASTSRV.EXE
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KCHOVRI - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\KCHOVRI.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LESF - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\LESF.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\C\system32\Tablet.exe
    O23 - Service: UJGABHKO - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\UJGABHKO.exe (file missing)
    O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
    0
  7. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Can I have the GenProc report? I haven't asked you to do anything for the moment.
    0
  8. pistole Posts 13 Registration date   Status Member
     
    This is the only report I found; I thought it came from you.

    Rapport GenProc 2.385 [1] - jeu. 26 févr. 2009 à 23:52:10,53 - Windows XP

    In CCleaner, click "Options", "Avancé" (Advanced) and untick the box "Effacer uniquement les fichiers,
    du dossier Temp de Windows, plus vieux que 48 heures" (only delete files in the Windows Temp folder older than 48 hours).
    After that, leave it with its default settings. That's all.

    # Step 1/ Download:

    - Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) to your Desktop.

    - ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) to your Desktop.
    Disable your antivirus and your firewall, and close your running programs. Run combofix.exe and accept the terms
    by clicking OUI (Yes). Wait. At the message "ComboFix a détecté que la 'console de récupération Windows'
    n'existe pas sur ce PC" (ComboFix has detected that the Windows Recovery Console does not exist on this PC),
    click OUI then OK, then wait. Accept the Microsoft EULA. At the message
    "La console de récupération a été installée avec succès" (the Recovery Console was installed successfully),
    you must click NON (No) to exit the program
    (also close the CF-RC.txt report that has opened).

    - SDFix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (Andy Manchesta)
    and save it to your Desktop.
    Double-click SDFix.exe and choose "Install" to extract it to C:\.

    Restart in safe mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ;
    to find the report again, click the "GenProc" shortcut on your Desktop. Choose your current session *** Petit ***

    # Step 2/

    Run Toolbar-S&D, located on the Desktop.
    Type "2" then confirm by pressing "Entrée" (Enter). Do not close the window during the removal.

    # Step 3/

    Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to run the script.
    - Press Y to start the cleaning process.
    - It will remove the services and Registry entries of certain trojans it finds, then ask you to press
    a key to restart; do so to restart the PC.
    - Your system will take longer than usual to restart because the tool will keep running and deleting
    files.
    - Once the Desktop has loaded, the tool will finish its work and display Finished.
    - Press a key to end the script and load your Desktop icons.
    - Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved
    in the SDFix folder under the name Report.txt.

    # Step 4/

    Double-click combofix.exe and follow the instructions. Be careful not to use your mouse or
    your keyboard (or any other pointing device) while the program is running, or the computer may freeze.

    # Step 5/

    Run CCleaner: "Nettoyeur"/"lancer le nettoyage" (Cleaner / Run Cleaner) and that's all.

    # Step 6/

    Restart normally and post, in the same reply:

    - The contents of the report located at C:\Combofix.txt;
    - The contents of the Report.txt file;
    - The contents of the report C:\TB.txt ;
    - A new HijackThis report http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

    Describe any difficulties you had (what you could not do...) as well as how the situation has evolved.

    ____________________________________________________________________________________________________________

    Official GenProc sites: www.alt-shift-return.org and www.genproc.com
    0
  9. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Well, there's work to do. OK, you are going to follow the report to the letter and post me the reports when required. Thanks.
    0
  10. pistole Posts 13 Registration date   Status Member
     
    The reports are in message 5 of Friday 27 February 2009 at 17:07:59
    Unless I have to redo the analysis with GenProc
    0
  11. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Ah yes, sorry, my mind is a bit elsewhere. I'll look at that.
    0
  12. pistole Posts 13 Registration date   Status Member
     
    My mistake, my apologies.
    0
  13. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Can you redo the Malwarebytes scan for me, because you have rootkits:

    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\ztx86]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]

    Then delete all these cracks for me, because they are a source of viruses:

    C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Boom Boom Crack 104.idrumproject
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Desktop.ini
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Info.plist
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\PkgInfo
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources\iDrum.kit
    C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Samples\Snares\Crack! Snare.aif
    C:\DOCUME~1\Petit\Mes documents\SAMPLES\BRUITS\CRACK.WAV
    0
  14. pistole Posts 13 Registration date   Status Member
     
    Here is the Malwarebytes report. As it found nothing, I ran a scan with McAfee Rootkit Detective;
    the report is at the very bottom. I haven't deleted anything for the moment; I'm waiting for your opinion.

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1778
    Windows 5.1.2600 Service Pack 3

    samedi 28 février 2009 10:52:06
    mbam-log-2009-02-28 (10-51-53).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 369877
    Temps écoulé: 1 hour(s), 23 minute(s), 52 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Outils de Réparation\GenProc\GenProc\outil\curl.exe (Trojan.Agent) -> No action taken.

    McAfee(R) Rootkit Detective 1.1 scan report
    On 28-02-2009 at 11:23:17
    OS-Version 5.1.2600
    Service Pack 3.0
    ====================================

    Object-Type: SSDT-hook
    Object-Name: ZwClose
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwCreateKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwDeleteValueKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwDuplicateObject
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwEnumerateKey
    Object-Path: C:\C\system32\drivers\sptd.sys

    Object-Type: SSDT-hook
    Object-Name: ZwEnumerateValueKey
    Object-Path: C:\C\system32\drivers\sptd.sys

    Object-Type: SSDT-hook
    Object-Name: ZwOpenKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwOpenProcess
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwOpenThread
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwQueryKey
    Object-Path: C:\C\system32\drivers\sptd.sys

    Object-Type: SSDT-hook
    Object-Name: ZwQueryValueKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwRestoreKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: SSDT-hook
    Object-Name: ZwSetValueKey
    Object-Path: C:\C\system32\drivers\aswSP.sys

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_READ
    Object-Path:

    Object-Type: IRP-hook
    Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
    Object-Path:

    Object-Type: Registry-key
    Object-Name: 19659239224E364682FA4BAF72C53EA41 scan report

    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: (Default)
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Unable to access registry key

    Object-Type: Registry-key
    Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: (Default)
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Unable to access registry key

    Object-Type: Registry-value
    Object-Name: h0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: khjeh
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s1
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s2
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: g0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: h0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: (Default)
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Unable to access registry key

    Object-Type: Registry-key
    Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: (Default)
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Unable to access registry key

    Object-Type: Registry-value
    Object-Name: h0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: khjeh
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s1
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: s2
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: g0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: h0
    Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Adobe LM Servicet011\Services\sptd\Cfg
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe Systems\Licenses\Adobe LM Service
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Common AppData
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe Systems\Licenses\Adobe LM Service
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: OpenWithListbe Systems\Licenses\Adobe LM Service
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Excel.exeClasses\*\OpenWithList
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Excel.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: IExplore.exesses\*\OpenWithList\Excel.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\IExplore.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: MSPaint.exeasses\*\OpenWithList\IExplore.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\MSPaint.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Notepad.exeasses\*\OpenWithList\MSPaint.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Notepad.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Winword.exeasses\*\OpenWithList\Notepad.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Winword.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: WordPad.exeasses\*\OpenWithList\Winword.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\WordPad.exe
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ShellARE\Classes\*\OpenWithList\WordPad.exe
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: sdfilesE\Classes\*\Shell
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell\sdfiles
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: commandE\Classes\*\Shell\sdfiles
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell\sdfiles\command
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: shellexE\Classes\*\Shell\sdfiles\command
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ContextMenuHandlersshellex
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: avastARE\Classes\*\shellex\ContextMenuHandlers
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\avast
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Fichiers hors connexionlex\ContextMenuHandlers\avast
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Fichiers hors connexion
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ImageConverter3s\*\shellex\ContextMenuHandlers\Fichiers hors connexion
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ImageConverter3
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: IZArcCME\Classes\*\shellex\ContextMenuHandlers\ImageConverter3
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IZArcCM
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Open WithClasses\*\shellex\ContextMenuHandlers\IZArcCM
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Open With EncryptionMenuex\ContextMenuHandlers\Open With
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}Handlers\Open With EncryptionMenu
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: PropertySheetHandlersellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: CryptoSignMenues\*\shellex\PropertySheetHandlers
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {1F2E5C40-9550-11CE-99D2-00AA006E086C}etHandlers\CryptoSignMenu
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {3EA48300-8CF6-101B-84FB-666CCB9BCD32}etHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {883373C3-BF89-11D1-BE35-080036B11A03}etHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: QuickTip
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: InfoTip
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: AlwaysShowExt
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: TileInfo
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: InprocServer32es\*
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: ThreadingModel
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Implemented Categories\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {6483F31F-7533-4BB2-A2A4-F2D742C99BE4}4F9D-B340-305CD0BD9EEF}\Implemented Categories
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Obf
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: InprocServer32es\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\InprocServer32
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: VersionE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\InprocServer32
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}\Version
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: ampKCkAME
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: 0
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ControlE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Control
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: InprocServer32es\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Control
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\InprocServer32
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: MiscStatuslasses\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\InprocServer32
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\MiscStatus
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ProgIDRE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\MiscStatus
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ProgID
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Programmablesses\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ProgID
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Programmable
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: ToolboxBitmap32s\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Programmable
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ToolboxBitmap32
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: TypeLibE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ToolboxBitmap32
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\TypeLib
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: VersionE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\TypeLib
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Version
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: VersionIndependentProgIDB5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Version
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\VersionIndependentProgID
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: CFilePath
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\CLSYSTEM
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {I68411500FE661E3F}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {K7C0DB872A3F777C0}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {I030D1673B8802DA7}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {R7C0DB872A3F777C0}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {I3EDADE97A7562AFC}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {03EDADE97A7562AFC}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {I781F7A018B2EFAD7}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: {0781F7A018B2EFAD7}
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: FLEXnet Publisher
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: FNPLicensingServicen\FLEXnet Publisher
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\FNPLicensingService
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Trusted Storage Repositoryet Publisher\FNPLicensingService
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\Trusted Storage Repository
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Location
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\Trusted Storage Repository
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: ComponentID
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: IsInstalled
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Local
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Version
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: S-1-5-18
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: S-1-5-19
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: S-1-5-20
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: S-1-5-21-1202660629-115176313-839522115-1004
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: DataWARE\Microsoft\IMEJP\8.1\MigrateUser
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Item Data
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Display String
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Display String
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Value
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: Migrated
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
    Status: Hidden

    Object-Type: Registry-value
    Object-Name: S-1-5-18
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: HELPMENU\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Ntpad\HELPMENU
    Status: Hidden

    Object-Type: Registry-key
    Object-Name: xtrasARE\Ntpad\HELPMENU
    Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Ntpad\HELPMENU\xtras
    Status: Hidden

    Object-Type: Process
    Object-Name: MsMpEng.exe
    Pid: 960
    Object-Path: C:\Program Files\Windows Defender\MsMpEng.exe
    Status: Visible

    Object-Type: Process
    Object-Name: aswUpdSv.exe
    Pid: 1332
    Object-Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    Status: Visible

    Object-Type: Process
    Object-Name: System Idle Process
    Pid: 0
    Object-Path:
    Status: Visible

    Object-Type: Process
    Object-Name: TabUserW.exe
    Pid: 2852
    Object-Path: C:\C\system32\WTablet\TabUserW.exe
    Status: Visible

    Object-Type: Process
    Object-Name: VCDDaemon.exe
    Pid: 3348
    Object-Path: C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
    Status: Visible

    Object-Type: Process
    Object-Name: chrome.exe
    Pid: 3224
    Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Status: Visible

    Object-Type: Process
    Object-Name: services.exe
    Pid: 684
    Object-Path: C:\C\system32\services.exe
    Status: Visible

    Object-Type: Process
    Object-Name: rundll32.exe
    Pid: 3412
    Object-Path: C:\C\system32\RunDLL32.exe
    Status: Visible

    Object-Type: Process
    Object-Name: nvsvc32.exe
    Pid: 1832
    Object-Path: C:\C\system32\nvsvc32.exe
    Status: Visible

    Object-Type: Process
    Object-Name: hpqtra08.exe
    Pid: 2732
    Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Status: Visible

    Object-Type: Process
    Object-Name: KHALMNPR.exe
    Pid: 3104
    Object-Path: C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    Status: Visible

    Object-Type: Process
    Object-Name: System
    Pid: 4
    Object-Path:
    Status: Visible

    Object-Type: Process
    Object-Name: InCDsrv.exe
    Pid: 1028
    Object-Path: C:\Program Files\Ahead\InCD\InCDsrv.exe
    Status: Visible

    Object-Type: Process
    Object-Name: GoogleUpdate.ex
    Pid: 2300
    Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Status: Visible

    Object-Type: Process
    Object-Name: chrome.exe
    Pid: 2672
    Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 844
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: spoolsv.exe
    Pid: 1588
    Object-Path: C:\C\system32\spoolsv.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ashMaiSv.exe
    Pid: 472
    Object-Path: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    Status: Visible

    Object-Type: File/Folder
    Object-Name: catalog.wci
    Pid: n/a
    Object-Path: C:\System Volume Information\catalog.wci
    Status: Hidden

    Object-Type: Process
    Object-Name: SWTrayV4.EXE
    Pid: 3232
    Object-Path: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    Status: Visible

    Object-Type: Process
    Object-Name: cledx.exe
    Pid: 876
    Object-Path: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 1932
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: Tablet.exe
    Pid: 1964
    Object-Path: C:\C\system32\Tablet.exe
    Status: Visible

    Object-Type: Process
    Object-Name: winlogon.exe
    Pid: 632
    Object-Path: C:\C\system32\winlogon.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 1284
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: snmp.exe
    Pid: 1904
    Object-Path: C:\C\System32\snmp.exe
    Status: Visible

    Object-Type: Process
    Object-Name: Rootkit_Detecti
    Pid: 2804
    Object-Path: C:\Documents and Settings\Petit\Mes documents\Downloads\Rootkit_Detective.exe
    Status: Visible

    Object-Type: Process
    Object-Name: lsass.exe
    Pid: 696
    Object-Path: C:\C\system32\lsass.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 1192
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ISUSPM.exe
    Pid: 200
    Object-Path: C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    Status: Visible

    Object-Type: Process
    Object-Name: VMC.exe
    Pid: 2308
    Object-Path: G:\vmc.exe
    Status: Visible

    Object-Type: Process
    Object-Name: fsbl.exe
    Pid: 2680
    Object-Path: C:\Documents and Settings\Petit\Mes documents\Downloads\fsbl.exe
    Status: Visible

    Object-Type: Process
    Object-Name: HPZipm12.exe
    Pid: 1844
    Object-Path: C:\C\system32\HPZipm12.exe
    Status: Visible

    Object-Type: Process
    Object-Name: jusched.exe
    Pid: 1100
    Object-Path: C:\Program Files\Java\jre6\bin\jusched.exe
    Status: Visible

    Object-Type: Process
    Object-Name: TeaTimer.exe
    Pid: 2464
    Object-Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Status: Visible

    Object-Type: Process
    Object-Name: smss.exe
    Pid: 512
    Object-Path: C:\C\System32\smss.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 1008
    Object-Path: C:\C\System32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 1256
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: jqs.exe
    Pid: 1752
    Object-Path: C:\Program Files\Java\jre6\bin\jqs.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ctfmon.exe
    Pid: 2620
    Object-Path: C:\C\system32\ctfmon.exe
    Status: Visible

    Object-Type: Process
    Object-Name: explorer.exe
    Pid: 2868
    Object-Path: C:\C\Explorer.EXE
    Status: Visible

    Object-Type: Process
    Object-Name: wuauclt.exe
    Pid: 2992
    Object-Path: C:\C\system32\wuauclt.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ASTSRV.EXE
    Pid: 1692
    Object-Path: C:\C\system32\ASTSRV.EXE
    Status: Visible

    Object-Type: Process
    Object-Name: hpqste08.exe
    Pid: 3676
    Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    Status: Visible

    Object-Type: Process
    Object-Name: csrss.exe
    Pid: 608
    Object-Path: C:\C\system32\csrss.exe
    Status: Visible

    Object-Type: Process
    Object-Name: GoogleUpdaterSe
    Pid: 1724
    Object-Path: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ashWebSv.exe
    Pid: 484
    Object-Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ashServ.exe
    Pid: 1384
    Object-Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
    Status: Visible

    Object-Type: Process
    Object-Name: ashDisp.exe
    Pid: 1632
    Object-Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Status: Visible

    Object-Type: Process
    Object-Name: chrome.exe
    Pid: 2408
    Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Status: Visible

    Object-Type: Process
    Object-Name: PhoneConnectorV
    Pid: 2720
    Object-Path: G:\PhoneConnectorVMC.exe
    Status: Visible

    Object-Type: Process
    Object-Name: Tablet.exe
    Pid: 2876
    Object-Path: C:\C\system32\Tablet.exe
    Status: Visible

    Object-Type: Process
    Object-Name: svchost.exe
    Pid: 924
    Object-Path: C:\C\system32\svchost.exe
    Status: Visible

    Object-Type: Process
    Object-Name: InCD.exe
    Pid: 3280
    Object-Path: C:\Program Files\Ahead\InCD\InCD.exe
    Status: Visible

    Object-Type: Process
    Object-Name: SetPoint.exe
    Pid: 304
    Object-Path: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Status: Visible

    Object-Type: Process
    Object-Name: chrome.exe
    Pid: 4024
    Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Status: Visible

    Object-Type: Process
    Object-Name: etMon.exe
    Pid: 584
    Object-Path: C:\C\etMon.exe
    Status: Visible

    Object-Type: Process
    Object-Name: alg.exe
    Pid: 864
    Object-Path: C:\C\System32\alg.exe
    Status: Visible

    Object-Type: Process
    Object-Name: MDM.EXE
    Pid: 1796
    Object-Path: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    Status: Visible

    Scan complete. Found hidden Processes and Files: 1 .
    Total files scanned: 269572
  15. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    OK, now run this one for me, because the malware was not detected:

    Download Rooter to your desktop
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

    * Double-click rooter.exe to launch it
    --> it will scan your PC

    * A report will be generated; post it

    And also run this for me to remove the rootkits:

    http://www.commentcamarche.net/telecharger/telecharger 34055026 panda anti rootkit

    It is in English, sorry.
  16. pistole Posts 13 Registration date   Status Member
     
    In the meantime I had run a scan with McAfee Rootkit Detective; did you see the report in message 13?
    I have not deleted anything for the moment.

    Panda detected this: c:c.AstInfo

    The Rooter report:
    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Petit ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! antivirus 4.8.1335 [VPS 090227-0] 4.8.1335 (Activated)

    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:167 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (Local Disk) - NTFS - Total:232 Go (Free:184 Go)
    G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    H:\ (CD or DVD)
    I:\ (USB)
    M:\ (USB)

    sam. 28 févr. 2009|11:42

    ----------------------\\ Search..

    ----------------------\\ ROOTKIT !!

    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
    Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]

    ----------------------\\ Cracks & Keygens..

    C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks (was uninstalled in the meantime)

    C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used (was uninstalled in the meantime)

    1 - "C:\Rooter$\Rooter_1.txt" - sam. 28 févr. 2009|11:42

    ----------------------\\ Scan completed at 11:42