probleme de restauration de fichiet windows

Question

Bonjour,                                                                                                                 25-02-09
J’espère que quelqu’un pourra m’aider, j’ai  plusieurs problème après une flopée de virus win32(13),adware(10),trojan(43) et rootkid(7)
je doit dire que j'avais norton 2005 je l'ai viré et j'ai mis avast c'est lui qui ma debarasser des virus
Impossible d’installer les mises à jour de IE7 et plus de barre d’outils 
J’ai du réinstaller la version 6
Un autre problème  par exemple avec izarc quand je fais un clic droit je n’ai plus les 
Fonctions (extraire vers ou ici) et ainsi de suite, j’ai fais une restauration des fichiers Windows 
La commande (%windir%\inf) Ca n’a rien donné,
J’ai essayé de scanner le disque avec la commande sfc /scannow on me demande de mettre le cd XP pro alors que j’ai XP familiale pack 2, je mets le cd avant  de lancer la commande
Mais j’ai installé le service pack 3 est ce pour cela ?
Quand je tape la commande regsvr32 /i mshtml je reçois un message d’erreur
(dllinstall dans mshtml a échoué le code renvoyé était :0x80070005)
Pour le moment je ne vois que c’est problème la 
Je joins un rapport HijackThis si il y à quelqu’un qui peut m’aider 
Je le ou les remercies d’avance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:11, on mercredi 25 février 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\C\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\C\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\C\system32\spoolsv.exe
C:\C\system32\ASTSRV.EXE
C:\C\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\C\system32
vsvc32.exe
C:\C\System32\snmp.exe
C:\C\system32\svchost.exe
C:\C\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\C\system32\ctfmon.exe
C:\C\system32\WTablet\TabUserW.exe
C:\C\Explorer.EXE
C:\C\system32\Tablet.exe
C:\Program Files\RapidExe\RapidExe.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\C\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\C\etMon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe
C:\Program Files\Clocks-Sounds\ClockSnd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\C\system32\HPZipm12.exe
C:\C\system32\cidaemon.exe
C:\Program Files\sTabLauncher\sTabLauncher.exe
C:\C\system32\wuauclt.exe
G:\vmc.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petit\Mes documents\1 Fichier temporaire\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?checklang=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\C\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
O2 - BHO: (no name) - {6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RapidExe] "C:\Program Files\RapidExe\RapidExe.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\C\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [WMAAD] "C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] "C:\C\system32\RUNDLL32.EXE" C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] "C:\C\system32
wiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\C\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [etMonitor] "C:\C\etMon.exe"
O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WonderKeys] "C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Clocks-Sounds] "C:\Program Files\Clocks-Sounds\ClockSnd.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VMCL] "C:\Program Files\vodafone\vmclite\DongleEnumerator.exe"
O4 - HKCU\..\Run: [unilex06] C:\Program Files\Micro Application\La grande Encyclopédie 2006	ft.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyTrashCan.lnk = C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra 'Tools' menuitem: &MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - 
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DDE993F-88D2-430E-BF32-7D5205FA9130}: NameServer = 212.73.32.3 212.73.32.67
O20 - Winlogon Notify: rqrqqnl - rqrqqnl.dll (file missing)
O20 - Winlogon Notify: xxyxusTM - xxyxusTM.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\C\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KCHOVRI - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\KCHOVRI.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LESF - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\LESF.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\C\system32\Tablet.exe
O23 - Service: UJGABHKO - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\UJGABHKO.exe (file missing)
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

pimprenelle27 · Answer

Infection vundo :

Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log


Tutoriaux

pistole · Answer

bonjour
Merci d’avoir répondu aussi vite a mon message
Et excusez-moi de ne pas avoir répondu plus tôt mais je n’ai accès à internet qu’a 17h
Et mon ordinateur c’est plante apres 2h15 de scan
J’ai cherchez le fichier COMCTL32.OCX  il se trouve bien dans system 32 (version 6.00.8106)
J’ai fait comme vous avez dit dans votre message Malwarebytes n’a rien détecte
Et voila le rapport :
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1778
Windows 5.1.2600 Service Pack 3

jeudi 26 février 2009 23:05:50
mbam-log-2009-02-26 (23-05-50).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 373835
Temps écoulé: 3 hour(s), 37 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

pimprenelle27 · Answer

Bon tu vas me faire ceci  alors : 

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

pistole · Answer

bonsoir
Je ne comprends pas le sens de la première phrase (êtes vous aider par quelqu'un. Merci.)
En plus j’ai téléchargé les outils indique dans le rapport de genproc mais je ne trouve pas
Le fichier RunThis.cmd il y a bien un fichier RunThis. Mais au format bat 
Mais il se fait tard la suite sera pour demain 
Un grand merci pour votre aide

pistole · Answer

Bonjour

J’ai fait comme vous avez demandez avec les outils
Toolbar-S&D
ComboFix
SDfix
Mais je me suis trompe au message
("La console de récupération a été installée avec succès", clique impérativement sur NON)
Je crois que j’ai clique sur oui
Et j’ai oublie de lancer ccleaner avant redémarre

Je ne crois que ça à marcher je n’ai toujours pas de menu contextuel avec izarc
Je l’ai désinstallé et réinstaller maintenant j’ai ce message :

(C:\Program Files\IZArc\IZArcCM.dll Unable to register the DLL/OCX: RegSvr32 failed with exit code 0x5. Click Retry to try again, Ignore to proceed anyway (not recommended), or Abort to cancel installation.)

La commande : regsvr32 /i mshtml je reçois toujour ce message
DllInstall dans mshtml a échoué le code renvoyé était :0x80070005

Je n’ai pas encore essayé de réinstallé IE7
J’attends votre avis

Voila les rapport

ComboFix 09-02-26.01 - Petit 2009-02-27 9:07:43.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.934 [GMT 1:00]
Lancé depuis: c:\documents and settings\Petit\Mes documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\c\system32\wi\

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-27 au 2009-02-27 ))))))))))))))))))))))))))))))))))))
.

2009-02-27 08:38 . 2009-02-27 08:38 <REP> d-------- c:\c\ERUNT
2009-02-27 08:33 . 2009-02-27 08:36 <REP> d-------- C:\ToolBar SD
2009-02-26 14:14 . 2009-02-26 14:14 <REP> d-------- c:\program files\Foxit Software
2009-02-25 17:05 . 2009-01-09 20:19 1,089,883 -----c--- c:\c\system32\dllcache\ntprint.cat
2009-02-24 18:49 . 2009-02-24 18:49 <REP> d-------- c:\c\system32\CatRoot_bak
2009-02-24 16:40 . 2007-01-08 05:04 184,320 --a------ c:\c\system32\JustWrite.dll
2009-02-24 16:40 . 2007-01-09 14:25 94,208 --a------ c:\c\JWOSetup.exe
2009-02-24 16:18 . 2009-02-24 16:47 <REP> d-------- c:\program files\JustWrite Office
2009-02-24 16:18 . 2007-01-07 21:18 170,496 --a------ c:\c\JwPackP2.ppa
2009-02-24 16:18 . 2005-12-14 11:42 117,248 --a------ c:\c\JwPackP1.ppa
2009-02-24 16:18 . 2007-01-07 21:19 43,533 --a------ c:\c\JwPackP.ppam
2009-02-23 12:29 . 2009-02-23 12:47 <REP> d-------- c:\program files\PowerStrip
2009-02-22 15:31 . 2009-02-22 15:31 224 --a------ c:\c\system32\spupdsvc.inf
2009-02-22 15:21 . 2009-02-22 15:21 329 --a------ c:\c\Fix IE Log.tBAK
2009-02-21 19:09 . 2009-02-22 18:46 <REP> d-------- c:\program files\IZArc
2009-02-20 13:03 . 2002-04-09 20:34 839,729 --------- c:\c\system32\python22.dll
2009-02-17 10:56 . 2009-02-17 10:56 <REP> d-------- c:\program files\Anti-Rootkit
2009-02-16 20:05 . 2009-02-16 20:05 8,576 --a------ c:\c\system32\drivers\gecsvbqrwiyg.sys
2009-02-16 10:46 . 2009-02-16 17:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 10:46 . 2009-02-16 10:46 <REP> d-------- c:\documents and settings\Petit\Application Data\Malwarebytes
2009-02-16 10:46 . 2009-02-16 10:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 10:46 . 2009-02-11 10:19 38,496 --a------ c:\c\system32\drivers\mbamswissarmy.sys
2009-02-16 10:46 . 2009-02-11 10:19 15,504 --a------ c:\c\system32\drivers\mbam.sys
2009-02-14 16:35 . 2009-02-14 16:35 <REP> d-------- C:\System32
2009-02-14 16:00 . 2004-10-01 08:08 18,048 -ra------ c:\c\system32\drivers\pl40rwdm.sys
2009-02-14 15:57 . 2009-02-14 15:57 <REP> d-------- c:\program files\CASIO
2009-02-13 19:05 . 2009-02-13 19:05 <REP> d-------- c:\documents and settings\Petit\Application Data\Uniblue
2009-02-11 15:01 . 2009-02-12 17:25 <REP> d-------- C:\WTablet
2009-02-11 11:13 . 2009-02-11 11:13 0 --a------ c:\c\system32\KZHF
2009-02-11 11:07 . 2009-02-11 11:07 0 --a------ c:\c\system32\WI
2009-02-10 18:53 . 2009-02-10 18:53 <REP> d-------- c:\program files\Windows Resource Kits
2009-02-10 12:11 . 2009-02-10 12:11 <REP> d-------- c:\program files\CCleaner
2009-02-09 18:57 . 2008-04-29 13:11 <REP> d-------- C:\SDFX
2009-02-09 01:02 . 2009-02-09 01:03 <REP> d-------- C:\1714118ba6b7b8e7b608a7814405c9f0
2009-02-08 22:56 . 2009-02-13 17:40 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-07 12:06 . 2009-02-07 12:07 <REP> d-------- c:\documents and settings\Petit\Application Data\Sibelius Software
2009-02-07 12:06 . 2009-02-07 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Sibelius Software
2009-02-07 12:06 . 2009-02-07 12:06 604 --ah----- c:\c\T4
2009-02-07 12:06 . 2009-02-07 12:06 604 --ah----- c:\c\system32\T3
2009-02-07 12:00 . 2009-02-11 11:30 <REP> dr------- c:\program files\Sibelius Software
2009-02-07 10:54 . 2009-02-07 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-06 20:41 . 2009-02-06 20:41 <REP> d-------- c:\program files\Alwil Software
2009-02-06 20:28 . 2009-02-09 20:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-06 20:26 . 2008-09-08 23:38 88,576 --a------ c:\c\system32\AntiXPVSTFix.exe
2009-02-06 16:12 . 2009-02-06 16:57 <REP> d-------- c:\documents and settings\Petit\Application Data\AKVIS LLC
2009-02-06 15:46 . 2009-02-09 14:13 <REP> d-------- c:\program files\AKVIS
2009-02-05 21:45 . 2009-02-05 21:45 <REP> d-------- c:\documents and settings\Petit\Application Data\KORG
2009-02-05 21:44 . 2009-02-05 22:29 <REP> d-------- c:\program files\KORG Legacy
2009-02-05 21:44 . 2009-02-05 21:44 <REP> d-------- c:\program files\Fichiers communs\KORG
2009-02-05 21:44 . 2009-02-05 21:44 <REP> d-------- c:\documents and settings\All Users\Application Data\KORG
2009-02-05 20:32 . 2009-02-08 22:36 4 --a------ c:\c\system32\gaopdxcounte_
2009-02-05 20:20 . 2009-02-05 20:20 <REP> d-------- c:\documents and settings\Petit\Application Data\ACAMPREF
2009-02-05 17:46 . 2009-02-05 23:15 <REP> d-------- c:\program files\Pianoteq 2.3
2009-02-04 17:57 . 2009-02-24 17:23 <REP> d-------- c:\program files\VST
2009-02-04 15:04 . 2009-02-04 15:04 <REP> d-------- C:\Psfonts
2009-02-04 15:04 . 2009-02-04 15:04 3,090 --a------ c:\c\winiini.fin
2009-02-03 15:48 . 2009-02-03 15:48 <REP> d-------- C:\KXDATAS
2009-02-03 12:42 . 2009-02-03 12:42 <REP> d-------- c:\c\Icõnes
2009-02-02 15:23 . 2009-02-02 15:23 <REP> d-------- c:\program files\KeyToSound
2009-02-01 15:14 . 2009-02-01 15:14 <REP> d-------- c:\program files\Syncrosoft
2009-02-01 15:14 . 2005-02-01 04:34 700,416 --a------ c:\c\system32\SYNSOACC.dll
2009-02-01 15:14 . 2004-05-11 00:58 147,456 --a------ c:\c\system32\SynsoLChk.dll
2009-02-01 15:14 . 2003-08-01 05:28 147,425 --a------ c:\c\system32\SYNSOACC-Aide.chm
2009-02-01 15:14 . 2003-05-27 00:29 120,468 --a------ c:\c\system32\SYNSOACC-Hilfe.chm
2009-02-01 15:14 . 2003-05-27 00:29 114,279 --a------ c:\c\system32\SYNSOACC-Help.chm
2009-02-01 15:14 . 2002-11-25 17:36 45,056 --a------ c:\c\system32\Synsopos.exe
2009-02-01 15:14 . 2001-04-09 14:03 17,784 --a------ c:\c\system32\drivers\NSynas32.sys
2009-02-01 07:46 . 2009-02-20 15:49 16 --a------ c:\c\system32\w3data.vss
2009-02-01 07:46 . 2009-02-20 15:49 16 --a------ c:\c\msocreg32.dat
2009-02-01 07:37 . 2009-02-01 07:37 <REP> d-------- c:\program files\IK Multimedia
2009-01-31 18:42 . 2009-02-02 16:35 <REP> d-------- c:\documents and settings\Petit\Chainer
2009-01-31 18:00 . 2009-01-31 18:00 <REP> d-------- c:\documents and settings\Petit\arcdevsbs
2009-01-31 17:21 . 2009-01-31 17:21 <REP> d-------- c:\program files\Chainer
2009-01-31 17:21 . 2009-01-31 17:21 <REP> d-------- c:\documents and settings\Petit\Application Data\Xlutop
2009-01-31 13:30 . 2009-01-31 13:32 <REP> d-------- c:\documents and settings\Petit\Application Data\Pouchin TV Mod
2009-01-29 16:50 . 2009-01-29 16:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Audio Damage
2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\program files\Fichiers communs\PACE Anti-Piracy
2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\documents and settings\Petit\Application Data\PACE Anti-Piracy
2009-01-28 17:22 . 2009-01-28 17:22 <REP> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\UVISoundBanks
2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\Propellerhead
2009-01-28 17:03 . 2009-01-28 17:03 <REP> d-------- c:\program files\InterLok
2009-01-28 17:02 . 2009-01-28 17:02 <REP> d-------- c:\program files\Fichiers communs\UVI
2009-01-28 17:02 . 2008-06-01 17:55 1,719,296 --a------ c:\c\system32\libsndfile-1.dll
2009-01-27 19:34 . 2009-01-27 19:34 <REP> d-------- c:\documents and settings\Petit\Application Data\Propellerhead Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 07:50 --------- d-----w c:\documents and settings\Petit\Application Data\WTablet
2009-02-27 07:50 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-02-27 04:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-26 13:03 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-24 15:57 --------- d-----w c:\documents and settings\Petit\Application Data\JustWrite Office
2009-02-24 15:18 --------- d-----w c:\documents and settings\Petit\Application Data\InstallShield Installation Information
2009-02-24 15:14 --------- d-----w c:\program files\Tablet
2009-02-20 14:22 --------- d-----r c:\program files\Instrument Virtuel
2009-02-20 12:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 14:23 --------- d-----w c:\program files\Micro Application
2009-02-18 15:12 --------- d-----w c:\documents and settings\Petit\Application Data\cerasus.media
2009-02-16 16:38 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-15 19:23 --------- d-----w c:\program files\MSECache
2009-02-13 16:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 14:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-07 17:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-07 15:13 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-07 11:06 604 ---ha-w c:\program files\STLL Notifier
2009-02-05 19:20 1,409 -c--a-w c:\c\Fonts\SToccata.fot
2009-02-03 18:39 --------- d-----r c:\program files\Arturia
2009-02-03 11:53 --------- d-----r c:\program files\Steinberg
2009-02-01 14:26 --------- d-----w c:\documents and settings\Petit\Application Data\Steinberg
2009-01-30 14:16 --------- d-----w c:\program files\VirtualCloneDrive
2009-01-28 15:35 --------- d-----w c:\program files\PNotes
2009-01-20 16:12 188 ----a-w C:\Delme.bat
2009-01-20 15:42 --------- d-----w c:\program files\Compil Games
2009-01-19 15:36 --------- d-----w c:\program files\VPLauncher
2009-01-19 15:36 --------- d-----w c:\program files\Future Pinball
2009-01-19 15:13 --------- d-----w c:\program files\Visual Pinball
2009-01-18 17:08 --------- d-----w c:\documents and settings\Petit\Application Data\Teragon Audio
2009-01-16 15:21 --------- d-----w c:\program files\Power Tab Software
2009-01-16 14:50 --------- d-----w c:\documents and settings\Petit\Application Data\SynthFont
2009-01-16 11:39 --------- d-----w c:\documents and settings\Petit\Application Data\Flux
2009-01-15 17:55 --------- d-----w c:\program files\Flux
2009-01-12 20:05 --------- d-----w c:\documents and settings\Petit\Application Data\LinPlug
2009-01-11 10:39 --------- d-----w c:\program files\u-he
2009-01-10 18:36 --------- d-----w c:\documents and settings\Petit\Application Data\Audacity
2009-01-09 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-01-07 18:06 --------- d-----w c:\program files\Internet Digital Radio Tuner
2009-01-04 20:36 18 ----a-w c:\documents and settings\Petit\ambt.dat
2008-12-31 16:04 691,560 ----a-w c:\c\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\c\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\c\system32\OGAAddin.dll
2008-12-22 16:19 44,544 ------w c:\c\AWuninstall.exe
2008-12-22 15:36 1,483,523 ----a-w c:\c\Snowmen.scr
2008-12-20 10:39 1,087,738 ----a-w c:\c\Getting Ready .scr
2007-07-04 13:50 66 ----a-w c:\documents and settings\Petit\Petit_notes.dat
2006-11-29 15:48 4,096 -c--a-w c:\documents and settings\Petit\log.dat
1998-08-24 11:09 10,000 -c--a-w c:\c\inf\unregpn.exe
2006-02-08 11:52 54,976 ----a-w c:\program files\internet explorer\plugins\SwDir.dll
2006-09-10 12:59 8,192 -csha-w c:\c\o2cLicStore.bin
2008-07-11 17:49 848 --sha-w c:\c\system32\KGyGaAvL.sys
2008-05-08 16:45 32,768 --sha-w c:\c\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050820080509\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-27_ 6.17.36.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w c:\c\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-27 07:38:18 27,738,112 ----a-w c:\c\ERUNT\SDFIX\Users\[u]0/u0000001\ntuser.dat
+ 2009-02-27 07:38:18 3,489,792 ----a-w c:\c\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\c\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-02-27 07:38:15 27,738,112 ----a-w c:\c\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\ntuser.dat
+ 2009-02-27 07:38:15 3,489,792 ----a-w c:\c\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
+ 2009-02-27 07:50:11 16,384 ------w c:\c\temp\Perflib_Perfdata_558.dat
+ 2009-02-27 07:50:12 16,384 ------w c:\c\temp\Perflib_Perfdata_6e0.dat
+ 2009-02-27 07:50:23 16,384 ------w c:\c\temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"WonderKeys"="c:\program files\Esterel-Tech\WonderKeys\wonderkeys.exe" [2007-12-28 2329600]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-14 1957888]
"Clocks-Sounds"="c:\program files\Clocks-Sounds\ClockSnd.exe" [2003-10-30 225280]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"VMCL"="c:\program files\vodafone\vmclite\DongleEnumerator.exe" [2007-04-16 131072]
"unilex06"="c:\program files\Micro Application\La grande Encyclopédie 2006\tft.exe" [2005-03-17 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]
"Google Update"="c:\documents and settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-19 133104]
"ctfmon.exe"="c:\c\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-01-20 1451248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RapidExe"="c:\program files\RapidExe\RapidExe.exe" [2004-02-27 601088]
"SideWinderTrayV4"="c:\progra~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 24649]
"NeroFilterCheck"="c:\c\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"Logitech Hardware Abstraction Layer"="c:\c\KHALMNPR.EXE" [2008-02-29 76304]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"NvCplDaemon"="c:\c\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="c:\c\system32\nwiz.exe" [2008-09-17 1657376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Kernel and Hardware Abstraction Layer"="c:\c\KHALMNPR.EXE" [2008-02-29 76304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"etMonitor"="c:\c\etMon.exe" [2005-07-26 40960]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SMKRun"="c:\program files\JustWrite Office\ScreenMark.exe" [2007-01-08 118784]
"NvMediaCenter"="NvMCTray.dll" [2008-09-17 c:\c\system32\nvmctray.dll]
"JWOSetup"="JWOSetup.exe" [2007-01-09 c:\c\JWOSetup.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\c\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Petit\Menu D‚marrer\Programmes\D‚marrage\
MyTrashCan.lnk - c:\program files\hiro's tool\MyTrashCan\MyTrashCan.exe [2007-12-28 263168]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-07-22 118784]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-01 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqnl]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxusTM]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.VDOM"= vdowave.drv
"midi1"= myokent.dll
"VIDC.dvsd"= c:\program files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\c\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 aswSP;avast! Self Protection;c:\c\system32\drivers\aswSP.sys [2009-02-08 114768]
R1 LADriver;LADriver;c:\c\system32\drivers\LADriver.sys [2006-08-10 27136]
R1 LDDriver;LDDriver;c:\c\system32\drivers\LDDriver.sys [2006-08-10 24064]
R1 LHDriver;LHDriver;c:\c\system32\drivers\LHDriver.sys [2006-08-10 14336]
R1 SSHDRV85;SSHDRV85;c:\c\system32\drivers\SSHDRV85.sys [2008-03-08 78848]
R2 ASTSRV;Nalpeiron Licensing Service;c:\c\system32\ASTSRV.EXE [2008-11-05 57344]
R2 aswFsBlk;aswFsBlk;c:\c\system32\drivers\aswFsBlk.sys [2009-02-08 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 CLEDX;Team H2O CLEDX service;c:\c\system32\drivers\cledx.sys [2009-01-01 33792]
R3 DCamUSBET;ET USB 2710 Camera;c:\c\system32\drivers\etDevice.sys [2006-08-04 88704]
R3 FiltUSBET;ET USB Device Lower Filter;c:\c\system32\drivers\etFilter.sys [2006-08-04 102912]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\c\system32\drivers\etScan.sys [2006-08-04 5760]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-08-22 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-08-22 67760]
S3 KCHOVRI;KCHOVRI;c:\docume~1\Petit\LOCALS~1\Temp\KCHOVRI.exe --> c:\docume~1\Petit\LOCALS~1\Temp\KCHOVRI.exe [?]
S3 LESF;LESF;c:\docume~1\Petit\LOCALS~1\Temp\LESF.exe --> c:\docume~1\Petit\LOCALS~1\Temp\LESF.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\c\system32\22.tmp --> c:\c\system32\22.tmp [?]
S3 PL-40R;CASIO USB MIDI;c:\c\system32\drivers\pl40rwdm.sys [2009-02-14 18048]
S3 PortTalk;PortTalk;c:\c\system32\Drivers\PortTalk.sys --> c:\c\system32\Drivers\PortTalk.sys [?]
S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\c\system32\drivers\SWUSBFLT.SYS [2006-07-29 3968]
S3 UJGABHKO;UJGABHKO;c:\docume~1\Petit\LOCALS~1\Temp\UJGABHKO.exe --> c:\docume~1\Petit\LOCALS~1\Temp\UJGABHKO.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bbe80a6-6de0-11dc-a8b5-ee96b21a97e2}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf2b966-6dc9-11dc-a8b4-d08540cc52ee}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cf2b967-6dc9-11dc-a8b4-d08540cc52ee}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-27 c:\c\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-839522115-1004.job
- c:\documents and settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-19 19:11]

2009-02-27 c:\c\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-26 c:\c\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]

2009-02-27 c:\c\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
BHO-{5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
BHO-{6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
BHO-{89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
BHO-{96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
BHO-{F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)

.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All by Gigaget
IE: &Download by Gigaget
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Download with Rapget
IE: E&xporter vers Microsoft Excel
IE: Transfert par Image Converter 3
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\MesFavoris\MesFavoris
DPF: Microsoft XML Parser for Java - file:///C:/C/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 09:09:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet011\Services\MEMSWEEP2]
"ImagePath"="\??\c:\c\system32\22.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\*]
@DACL=(02 0000)
"QuickTip"="prop:Type;Size;Write"
"InfoTip"="prop:Type;DocAuthor;DocTitle;DocSubject;DocComments;Write;Size"
"AlwaysShowExt"=""
"TileInfo"="prop:Type;Size"

[HKEY_LOCAL_MACHINE\software\Classes\*\Shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\avast]
@DACL=(02 0000)
@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\ImageConverter3]
@DACL=(02 0000)
@="{C6643EC0-49AC-4c15-A455-04104DB900A9}"

[HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\IZArcCM]
@DACL=(02 0000)
@="{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"

[HKEY_LOCAL_MACHINE\software\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu]
@DACL=(02 0000)
@="{7444C719-39BF-11D1-8CD9-00C04FC29D45}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ •€|ù•9~ *]
"C040111900063D11C8EF10054038389C"="C?\\C\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\c\system32\myokent.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(692)
c:\c\system32\myokent.dll
.
Heure de fin: 2009-02-27 9:11:43
ComboFix-quarantined-files.txt 2009-02-27 08:11:09
ComboFix2.txt 2009-02-27 05:27:50
ComboFix3.txt 2009-02-27 05:18:51

Avant-CF: 182.988.087.296 octets libres
Après-CF: 182,967,197,696 octets libres

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,10,11,12
352 --- E O F --- 2009-02-26 23:24:18

[b]SDFix: Version 1.240 /b
Run by Petit on ven. 27 févr. 2009 at 08:43

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Petit\Mes documents\Downloads\SDFix

[b]Checking Services /b:

[b]Name /b:
ztx86

[b]Path /b:
\??\C:\C\system32\ztx86.sys

ztx86 - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files /b:

Trojan Files Found:

C:\C\system32\ztx86.sys - Deleted

Removing Temp Files

[b]ADS Check /b:

C:\C
:AstInfo 0
Total size: 0 bytes.
C: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Checking for remaining Streams

C:\C
:AstInfo 0
Total size: 0 bytes.

[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 08:57:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:14f06242
"s1"=dword:3c0ee5a1
"s2"=dword:465bd50f
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a9,13,a6,f9,64,7c,47,ab,fc,b6,e4,5e,66,e1,03,93,54,4a,9a,15,e8,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG]
"Migrated"=hex(b):c0,83,b1,4b,2e,04,c7,01
"S-1-5-18"="\0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27FA90AA-4079-0052-3540-FF7A67CA9F94}]
"japiajncakjmcdcjenme"=hex:6d,61,64,63,64,64,6f,6f,6e,62,61,6f,70,62,68,69,66,6f,61,62,6d,..
"iafockglehjnegjhmo"=hex:6d,61,64,63,64,64,6f,6f,6e,62,61,6f,70,62,68,69,66,6f,61,62,6d,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files /b:

File Backups: - C:\DOCUME~1\Petit\MESDOC~1\DOWNLO~1\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Thu 5 Aug 2004 32 ...H. --- "C:\C\ialig.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\C\system32\a6yzr1n.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\C\system32\jgpocfn.dll"
Fri 11 Jul 2008 848 A.SH. --- "C:\C\system32\KGyGaAvL.sys"
Wed 3 Nov 1999 2,045 ...H. --- "C:\C\system32\whls32a.dll"
Mon 29 Jan 2007 2 A..H. --- "C:\Documents and Settings\Petit\HYPERRUN.TMP"
Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 17 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 7 Oct 2007 3,775 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4A.tmp"
Thu 13 Nov 2008 280,968 ...H. --- "C:\C\SoftwareDistribution\Download\715300e976215e2808461d144700fa9e\BIT16.tmp"
Sat 17 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 9 Dec 2008 2,668 A..H. --- "C:\Program Files\Adobe\Adobe Photoshop CS2\Modules externes\Plugin\KPT6\MetaImage.dll"

[b]Finished!/b

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Petit ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090226-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:172 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (CD or DVD)
M:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( ven. 27 févr. 2009| 8:34 )
C:\C\iun6002.exe

-----------\\ SUPPRESSION

Supprime! - C:\C\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\C\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/nl-be?checklang=1"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Boom Boom Crack 104.idrumproject
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Desktop.ini
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Info.plist
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\PkgInfo
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources\iDrum.kit
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Samples\Snares\Crack! Snare.aif
C:\DOCUME~1\Petit\Mes documents\SAMPLES\BRUITS\CRACK.WAV

1 - "C:\ToolBar SD\TB_1.txt" - ven. 27 févr. 2009| 8:36 - Option : [2]

-----------\\ Fin du rapport a 8:36:02,98

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:45, on vendredi 27 février 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\C\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\C\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\C\system32\spoolsv.exe
C:\C\system32\ASTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\C\system32\nvsvc32.exe
C:\C\system32\HPZipm12.exe
C:\C\System32\snmp.exe
C:\C\system32\svchost.exe
C:\C\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\C\system32\WTablet\TabUserW.exe
C:\C\system32\ctfmon.exe
C:\C\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\C\Explorer.EXE
C:\Program Files\RapidExe\RapidExe.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\C\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\C\etMon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe
C:\Program Files\Clocks-Sounds\ClockSnd.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\C\system32\wuauclt.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Outils de Réparation\HijackThis 2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/nl-be?checklang=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\C\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DF311E4-E8F6-42F5-A720-59907056E8C7} - (no file)
O2 - BHO: (no name) - {6B8C5002-375B-4C82-8F6E-93DBC5C4D360} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {89E40BF8-9470-4C2E-BCA8-E3F76C851504} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96AC61F0-CD99-4CAA-8489-B6AB7E5D1E72} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F4941CD6-E6D1-444B-88EF-CF1A7A9E5C12} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [RapidExe] "C:\Program Files\RapidExe\RapidExe.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] "C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\C\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [WMAAD] "C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] "C:\C\system32\RUNDLL32.EXE" C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\C\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\C\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "C:\C\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [etMonitor] "C:\C\etMon.exe"
O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WonderKeys] "C:\Program Files\Esterel-Tech\WonderKeys\wonderkeys.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Clocks-Sounds] "C:\Program Files\Clocks-Sounds\ClockSnd.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VMCL] "C:\Program Files\vodafone\vmclite\DongleEnumerator.exe"
O4 - HKCU\..\Run: [unilex06] C:\Program Files\Micro Application\La grande Encyclopédie 2006\tft.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\C\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyTrashCan.lnk = C:\Program Files\hiro's tool\MyTrashCan\MyTrashCan.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\C\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra 'Tools' menuitem: &MesFavoris - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\MesFavoris\MesFavoris (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: rqrqqnl - C:\C\
O20 - Winlogon Notify: xxyxusTM - C:\C\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\C\system32\ASTSRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KCHOVRI - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\KCHOVRI.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LESF - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\LESF.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\C\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\C\system32\Tablet.exe
O23 - Service: UJGABHKO - Unknown owner - C:\DOCUME~1\Petit\LOCALS~1\Temp\UJGABHKO.exe (file missing)
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

pimprenelle27 · Answer

Je peux avoir le rapport genproc car j'ai pas demandé de faire quoi ce soit pour le moment.

pistole · Answer

Comme rapport je n’ai trouve que ça je pensais que ça venais de vous

Rapport GenProc 2.385 [1] - jeu. 26 févr. 2009 à 23:52:10,53 - Windows XP 
 
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, 
du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. C'est tout. 


# Etape 1/ Télécharge :
 
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.
Désactive ton antivirus, ton pare-feu et ferme tes programmes en cours. Lance combofix.exe et accepte les termes
 en cliquant sur OUI. Patiente. Au message "ComboFix a détecté que la 'console de récupération Windows'
n'existe pas sur ce PC", clique sur oui puis sur OK, puis patiente. Valide le CLUF Microsoft. Au message 
"La console de récupération a été installée avec succès", clique impérativement sur NON pour quitter le programme 
(ferme également le rapport CF-RC.txt qui s'est ouvert)

- SDfix http://downloads.andymanchesta.com/RemovalTools/SDFix.exe (Andy Manchesta)  
et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis "Install" pour l'extraire dans  C:\.


 Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; 
pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** Petit ***  

 
# Etape 2/ 
 
 Lance Toolbar-S&D situé sur le Bureau.
 Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/ 
  
 Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
 - Appuie sur Y pour commencer le processus de nettoyage.
 - Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer 
sur une touche 
pour redémarrer, fais-le pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer 
des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.br />- Appuie sur une touche 
pour finir l'exécution du script et charger les icônes de ton Bureau.br />- Les icônes du Bureau affichées, 
le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

# Etape 4/ 
 
 Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni
ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 5/ 
 
 Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
 
# Etape 6/ 
 
 Redémarre normalement et poste, dans la même réponse : 
 
- Le contenu du rapport situé dans C:\Combofix.txt; 
- Le contenu du fichier Report.txt; 
- Le contenu du rapport C:\TB.txt ; 
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ; 

 Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
 
____________________________________________________________________________________________________________
 
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

pimprenelle27 · Answer

ba y a du bouleau, bon tu vas suivre le rapport à la lettre, et me poster les rapport quand il le faut. Merci.

pistole · Answer

Les rapports sont dans le message 5 du vendredi  27 février 2009 à 17 :07 :59
A mois que je doit refaire l'analyse avec GenProc

pimprenelle27 · Answer

ah oui excuse moi je suis un peu ailleur. je regarde ça.

pistole · Answer

erreur toute mes excuses

pimprenelle27 · Answer

peux tu me refaire malware car tu as des Rootkit 

Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\ztx86]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]

Ensuite me supprimer tout ces cracks car source de virus : 

C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Boom Boom Crack 104.idrumproject
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Desktop.ini
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Info.plist
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\PkgInfo
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Kits\Boom Boom Crack 104.idrum\Contents\Resources\iDrum.kit
C:\DOCUME~1\Petit\Mes documents\iZotope iDrum Content\Samples\Snares\Crack! Snare.aif
C:\DOCUME~1\Petit\Mes documents\SAMPLES\BRUITS\CRACK.WAV

pistole · Answer

voila le rapport de malware comme il n'a rien trouve j'ai fait une analyse avec  McAfee rootkid detective 
le rapport est tout en bas.je n'ai rien supprimer pour le moment j'attends votre avi

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1778
Windows 5.1.2600 Service Pack 3

samedi 28 février 2009 10:52:06
mbam-log-2009-02-28 (10-51-53).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 369877
Temps écoulé: 1 hour(s), 23 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Outils de Réparation\GenProc\GenProc\outil\curl.exe (Trojan.Agent) -> No action taken.




McAfee(R) Rootkit Detective 1.1 scan report
On 28-02-2009 at 11:23:17
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwClose
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwDuplicateObject
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\C\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\C\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\C\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\C\system32\drivers\aswSP.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path: 

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path: 

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA41 scan report

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: Adobe LM Servicet011\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe Systems\Licenses\Adobe LM Service
Status: Hidden

Object-Type: Registry-value
Object-Name: Common AppData
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe Systems\Licenses\Adobe LM Service
Status: Hidden

Object-Type: Registry-key
Object-Name: OpenWithListbe Systems\Licenses\Adobe LM Service
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList
Status: Hidden

Object-Type: Registry-key
Object-Name: Excel.exeClasses\*\OpenWithList
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Excel.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: IExplore.exesses\*\OpenWithList\Excel.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\IExplore.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: MSPaint.exeasses\*\OpenWithList\IExplore.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\MSPaint.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: Notepad.exeasses\*\OpenWithList\MSPaint.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Notepad.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: Winword.exeasses\*\OpenWithList\Notepad.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Winword.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: WordPad.exeasses\*\OpenWithList\Winword.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\WordPad.exe
Status: Hidden

Object-Type: Registry-key
Object-Name: ShellARE\Classes\*\OpenWithList\WordPad.exe
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell
Status: Hidden

Object-Type: Registry-key
Object-Name: sdfilesE\Classes\*\Shell
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell\sdfiles
Status: Hidden

Object-Type: Registry-key
Object-Name: commandE\Classes\*\Shell\sdfiles
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\Shell\sdfiles\command
Status: Hidden

Object-Type: Registry-key
Object-Name: shellexE\Classes\*\Shell\sdfiles\command
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex
Status: Hidden

Object-Type: Registry-key
Object-Name: ContextMenuHandlersshellex
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers
Status: Hidden

Object-Type: Registry-key
Object-Name: avastARE\Classes\*\shellex\ContextMenuHandlers
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\avast
Status: Hidden

Object-Type: Registry-key
Object-Name: Fichiers hors connexionlex\ContextMenuHandlers\avast
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Fichiers hors connexion
Status: Hidden

Object-Type: Registry-key
Object-Name: ImageConverter3s\*\shellex\ContextMenuHandlers\Fichiers hors connexion
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ImageConverter3
Status: Hidden

Object-Type: Registry-key
Object-Name: IZArcCME\Classes\*\shellex\ContextMenuHandlers\ImageConverter3
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IZArcCM
Status: Hidden

Object-Type: Registry-key
Object-Name: Open WithClasses\*\shellex\ContextMenuHandlers\IZArcCM
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With
Status: Hidden

Object-Type: Registry-key
Object-Name: Open With EncryptionMenuex\ContextMenuHandlers\Open With
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
Status: Hidden

Object-Type: Registry-key
Object-Name: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}Handlers\Open With EncryptionMenu
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Status: Hidden

Object-Type: Registry-key
Object-Name: PropertySheetHandlersellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers
Status: Hidden

Object-Type: Registry-key
Object-Name: CryptoSignMenues\*\shellex\PropertySheetHandlers
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu
Status: Hidden

Object-Type: Registry-key
Object-Name: {1F2E5C40-9550-11CE-99D2-00AA006E086C}etHandlers\CryptoSignMenu
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}
Status: Hidden

Object-Type: Registry-key
Object-Name: {3EA48300-8CF6-101B-84FB-666CCB9BCD32}etHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
Status: Hidden

Object-Type: Registry-key
Object-Name: {883373C3-BF89-11D1-BE35-080036B11A03}etHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}
Status: Hidden

Object-Type: Registry-value
Object-Name: QuickTip
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
Status: Hidden

Object-Type: Registry-value
Object-Name: InfoTip
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
Status: Hidden

Object-Type: Registry-value
Object-Name: AlwaysShowExt
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
Status: Hidden

Object-Type: Registry-value
Object-Name: TileInfo
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
Status: Hidden

Object-Type: Registry-key
Object-Name: InprocServer32es\*
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
Status: Hidden

Object-Type: Registry-value
Object-Name: ThreadingModel
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
Status: Hidden

Object-Type: Registry-key
Object-Name: Implemented Categories\{111242F8-44A8-EBAC-30DC-6FD8EF1FAEDD}\InprocServer32
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories
Status: Hidden

Object-Type: Registry-key
Object-Name: {6483F31F-7533-4BB2-A2A4-F2D742C99BE4}4F9D-B340-305CD0BD9EEF}\Implemented Categories
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
Status: Hidden

Object-Type: Registry-value
Object-Name: Obf
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
Status: Hidden

Object-Type: Registry-key
Object-Name: InprocServer32es\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\Implemented Categories\{6483F31F-7533-4BB2-A2A4-F2D742C99BE4}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\InprocServer32
Status: Hidden

Object-Type: Registry-key
Object-Name: VersionE\Classes\CLSID\{5306EAA5-EB3F-4F9D-B340-305CD0BD9EEF}\InprocServer32
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}\Version
Status: Hidden

Object-Type: Registry-value
Object-Name: ampKCkAME
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
Status: Hidden

Object-Type: Registry-value
Object-Name: 0
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
Status: Hidden

Object-Type: Registry-key
Object-Name: ControlE\Classes\CLSID\{6F820A35-65B7-13D1-B2E4-0060975B8649}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Control
Status: Hidden

Object-Type: Registry-key
Object-Name: InprocServer32es\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Control
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\InprocServer32
Status: Hidden

Object-Type: Registry-key
Object-Name: MiscStatuslasses\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\InprocServer32
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\MiscStatus
Status: Hidden

Object-Type: Registry-key
Object-Name: ProgIDRE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\MiscStatus
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ProgID
Status: Hidden

Object-Type: Registry-key
Object-Name: Programmablesses\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ProgID
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Programmable
Status: Hidden

Object-Type: Registry-key
Object-Name: ToolboxBitmap32s\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Programmable
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ToolboxBitmap32
Status: Hidden

Object-Type: Registry-key
Object-Name: TypeLibE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\ToolboxBitmap32
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\TypeLib
Status: Hidden

Object-Type: Registry-key
Object-Name: VersionE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\TypeLib
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Version
Status: Hidden

Object-Type: Registry-key
Object-Name: VersionIndependentProgIDB5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\Version
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5BF3FB0-64D0-AEFE-E4B1-334A42066D38}\VersionIndependentProgID
Status: Hidden

Object-Type: Registry-value
Object-Name: CFilePath
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\CLSYSTEM
Status: Hidden

Object-Type: Registry-value
Object-Name: {I68411500FE661E3F}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {K7C0DB872A3F777C0}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {I030D1673B8802DA7}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {R7C0DB872A3F777C0}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {I3EDADE97A7562AFC}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {03EDADE97A7562AFC}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {I781F7A018B2EFAD7}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-value
Object-Name: {0781F7A018B2EFAD7}
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
Status: Hidden

Object-Type: Registry-key
Object-Name: FLEXnet Publisher
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher
Status: Hidden

Object-Type: Registry-key
Object-Name: FNPLicensingServicen\FLEXnet Publisher
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\FNPLicensingService
Status: Hidden

Object-Type: Registry-key
Object-Name: Trusted Storage Repositoryet Publisher\FNPLicensingService
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\Trusted Storage Repository
Status: Hidden

Object-Type: Registry-value
Object-Name: Location
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Macrovision\FLEXnet Publisher\Trusted Storage Repository
Status: Hidden

Object-Type: Registry-value
Object-Name: ComponentID
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
Status: Hidden

Object-Type: Registry-value
Object-Name: IsInstalled
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
Status: Hidden

Object-Type: Registry-value
Object-Name: Local
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
Status: Hidden

Object-Type: Registry-value
Object-Name: Version
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FA20647-11FB-E477-4FE5-46C6B54AE470}
Status: Hidden

Object-Type: Registry-value
Object-Name: S-1-5-18
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
Status: Hidden

Object-Type: Registry-value
Object-Name: S-1-5-19
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
Status: Hidden

Object-Type: Registry-value
Object-Name: S-1-5-20
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
Status: Hidden

Object-Type: Registry-value
Object-Name: S-1-5-21-1202660629-115176313-839522115-1004
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IMEJP\8.1\MigrateUser
Status: Hidden

Object-Type: Registry-key
Object-Name: DataWARE\Microsoft\IMEJP\8.1\MigrateUser
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Migrated
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
Status: Hidden

Object-Type: Registry-value
Object-Name: S-1-5-18
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
Status: Hidden

Object-Type: Registry-key
Object-Name: HELPMENU\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Ntpad\HELPMENU
Status: Hidden

Object-Type: Registry-key
Object-Name: xtrasARE\Ntpad\HELPMENU
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Ntpad\HELPMENU\xtras
Status: Hidden

Object-Type: Process
Object-Name: MsMpEng.exe
Pid: 960
Object-Path: C:\Program Files\Windows Defender\MsMpEng.exe
Status: Visible

Object-Type: Process
Object-Name: aswUpdSv.exe
Pid: 1332
Object-Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path: 
Status: Visible

Object-Type: Process
Object-Name: TabUserW.exe
Pid: 2852
Object-Path: C:\C\system32\WTablet\TabUserW.exe
Status: Visible

Object-Type: Process
Object-Name: VCDDaemon.exe
Pid: 3348
Object-Path: C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
Status: Visible

Object-Type: Process
Object-Name: chrome.exe
Pid: 3224
Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 684
Object-Path: C:\C\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 3412
Object-Path: C:\C\system32\RunDLL32.exe
Status: Visible

Object-Type: Process
Object-Name: nvsvc32.exe
Pid: 1832
Object-Path: C:\C\system32
vsvc32.exe
Status: Visible

Object-Type: Process
Object-Name: hpqtra08.exe
Pid: 2732
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Status: Visible

Object-Type: Process
Object-Name: KHALMNPR.exe
Pid: 3104
Object-Path: C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path: 
Status: Visible

Object-Type: Process
Object-Name: InCDsrv.exe
Pid: 1028
Object-Path: C:\Program Files\Ahead\InCD\InCDsrv.exe
Status: Visible

Object-Type: Process
Object-Name: GoogleUpdate.ex
Pid: 2300
Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Status: Visible

Object-Type: Process
Object-Name: chrome.exe
Pid: 2672
Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 844
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1588
Object-Path: C:\C\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: ashMaiSv.exe
Pid: 472
Object-Path: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Status: Visible

Object-Type: File/Folder
Object-Name: catalog.wci
Pid: n/a
Object-Path: C:\System Volume Information\catalog.wci
Status: Hidden

Object-Type: Process
Object-Name: SWTrayV4.EXE
Pid: 3232
Object-Path: C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
Status: Visible

Object-Type: Process
Object-Name: cledx.exe
Pid: 876
Object-Path: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1932
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Tablet.exe
Pid: 1964
Object-Path: C:\C\system32\Tablet.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 632
Object-Path: C:\C\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1284
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: snmp.exe
Pid: 1904
Object-Path: C:\C\System32\snmp.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 2804
Object-Path: C:\Documents and Settings\Petit\Mes documents\Downloads\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 696
Object-Path: C:\C\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1192
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ISUSPM.exe
Pid: 200
Object-Path: C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
Status: Visible

Object-Type: Process
Object-Name: VMC.exe
Pid: 2308
Object-Path: G:\vmc.exe
Status: Visible

Object-Type: Process
Object-Name: fsbl.exe
Pid: 2680
Object-Path: C:\Documents and Settings\Petit\Mes documents\Downloads\fsbl.exe
Status: Visible

Object-Type: Process
Object-Name: HPZipm12.exe
Pid: 1844
Object-Path: C:\C\system32\HPZipm12.exe
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 1100
Object-Path: C:\Program Files\Java\jre6\bin\jusched.exe
Status: Visible

Object-Type: Process
Object-Name: TeaTimer.exe
Pid: 2464
Object-Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 512
Object-Path: C:\C\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1008
Object-Path: C:\C\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1256
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: jqs.exe
Pid: 1752
Object-Path: C:\Program Files\Java\jre6\bin\jqs.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 2620
Object-Path: C:\C\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 2868
Object-Path: C:\C\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: wuauclt.exe
Pid: 2992
Object-Path: C:\C\system32\wuauclt.exe
Status: Visible

Object-Type: Process
Object-Name: ASTSRV.EXE
Pid: 1692
Object-Path: C:\C\system32\ASTSRV.EXE
Status: Visible

Object-Type: Process
Object-Name: hpqste08.exe
Pid: 3676
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 608
Object-Path: C:\C\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: GoogleUpdaterSe
Pid: 1724
Object-Path: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Status: Visible

Object-Type: Process
Object-Name: ashWebSv.exe
Pid: 484
Object-Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Status: Visible

Object-Type: Process
Object-Name: ashServ.exe
Pid: 1384
Object-Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe
Status: Visible

Object-Type: Process
Object-Name: ashDisp.exe
Pid: 1632
Object-Path: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Status: Visible

Object-Type: Process
Object-Name: chrome.exe
Pid: 2408
Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Status: Visible

Object-Type: Process
Object-Name: PhoneConnectorV
Pid: 2720
Object-Path: G:\PhoneConnectorVMC.exe
Status: Visible

Object-Type: Process
Object-Name: Tablet.exe
Pid: 2876
Object-Path: C:\C\system32\Tablet.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 924
Object-Path: C:\C\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: InCD.exe
Pid: 3280
Object-Path: C:\Program Files\Ahead\InCD\InCD.exe
Status: Visible

Object-Type: Process
Object-Name: SetPoint.exe
Pid: 304
Object-Path: C:\Program Files\Logitech\SetPoint\SetPoint.exe
Status: Visible

Object-Type: Process
Object-Name: chrome.exe
Pid: 4024
Object-Path: C:\Documents and Settings\Petit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Status: Visible

Object-Type: Process
Object-Name: etMon.exe
Pid: 584
Object-Path: C:\C\etMon.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 864
Object-Path: C:\C\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: MDM.EXE
Pid: 1796
Object-Path: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
Status: Visible

Scan complete. Found hidden Processes and Files: 1   .
Total files scanned: 269572

pimprenelle27 · Answer

ok maintenant fais moi celui ci : car les malwares non pas été détecté :

Télécharges Rooter sur ton bureau
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

* Double cliques sur rooter.exe pour le lancer
--> il va scanner ton pc

* Un rapport sera généré, postes le 



Et fait moi ceci aussi pour éliminé les rootkits :

http://www.commentcamarche.net/telecharger/telecharger 34055026 panda anti rootkit

il est en anglais désolé.

pistole · Answer

j'avais fait entre temps une analyse avec McafeeRootkitDetective avez vu le rapport dans le message 13
je n'ai rien supprimer pour le moment

panda a détecte cela :c:c.AstInfo

le rapport : rooter
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Petit ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090227-0] 4.8.1335 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:167 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:232 Go (Free:184 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (CD or DVD)
I:\ (USB)
M:\ (USB)

sam. 28 févr. 2009|11:42

----------------------\  Search..

----------------------\  ROOTKIT !!

Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_HOOKSYS]
Rootkit Pandex ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HOOKSYS]
Rootkit Rustock ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ztx86]

----------------------\  Cracks & Keygens..

C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks   (à été désinstaller entre temp)

C:\DOCUME~1\Petit\Application Data\Alien Skin\Xenofex 2\Cracks\Last Used (à été désinstaller entre temp)


1 - "C:\Rooter$\Rooter_1.txt" - sam. 28 févr. 2009|11:42

----------------------\  Scan completed at 11:42

Probleme de restauration de fichiet windows

15 réponses

Votre réponse

Newsletters