Task Manager / antivirus problem

Ororo (Member, 115 posts):
Hello,

I hope you are doing well.

I have been having a lot of problems with my computer for some time now.
To begin with, I no longer have access to my Task Manager (when I press Ctrl+Alt+Del, it says that Task Manager has been disabled by your administrator).
Then, it is
- impossible to install a new antivirus (the old one caused me too many problems!)
- impossible to run online scans on any of the sites I tried (yet I think I'm fine on the ActiveX side; maybe I'm missing something)
- impossible to launch Spybot
- I even got the blue screen appearing occasionally and restarting my computer

I tried running a few programs:
- Malwarebytes (on each scan, I had the impression the same suspicious files kept coming back)
- Ad-Aware

Below is a HijackThis report.

Thanks in advance for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13:06, on 24/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\yixhdc.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\xlsvt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} (MessengerStatsClient Class) - http://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} (Minesweeper Flags Class) - http://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
O16 - DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} (Checkers Class) - http://messenger.zonenxt.msn-int.com/binary/Checkers.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
233 replies

Ororo (Member, 115 posts):
Hello Gen,

I hope we will find a way out of this problem.
I am running the other program and will get back to you.

Here is the ComboFix report.

ComboFix 09-06-04.09 - solo & kad 05/06/2009 17:52.21 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.255.101 [GMT 2:00]
Lancé depuis: c:\documents and settings\solo & kad\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\solo & kad\Local Settings\temp\IadHide3.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-05 au 2009-06-05 ))))))))))))))))))))))))))))))))))))
.

2009-06-01 20:56 . 2009-06-01 20:57 -------- d-----w- c:\program files\CCleaner
2009-05-30 20:41 . 2009-05-30 20:42 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 18:33 . 2009-06-02 21:02 -------- d-----w- C:\rsit
2009-05-25 18:28 . 2009-05-25 18:28 -------- d-----w- C:\_OTMoveIt
2009-05-25 15:31 . 2009-05-25 15:41 -------- d-----w- C:\SDFix
2009-05-24 08:17 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-05-24 08:17 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-24 08:17 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-24 08:17 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-24 08:17 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-24 08:17 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-24 08:17 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-24 08:17 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-05-24 08:17 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-24 08:17 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-24 08:16 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-05-24 08:16 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-24 00:12 . 2009-05-24 00:12 -------- d-----w- c:\program files\Trend Micro
2009-05-23 08:15 . 2009-05-25 01:40 -------- d-----w- c:\windows\system32\fr-fr
2009-05-22 23:56 . 2009-05-22 23:56 -------- d-----w- c:\program files\ToniArts
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Yahoo!
2009-05-22 19:42 . 2009-05-22 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\program files\Yahoo!
2009-05-16 21:07 . 2009-05-16 21:07 133 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\fusioncache.dat
2009-05-16 21:07 . 2009-05-16 21:07 -------- d-----w- c:\documents and settings\solo & kad\Local Settings\Application Data\ApplicationHistory
2009-05-12 22:26 . 2009-05-12 22:26 -------- d-----w- c:\program files\Vilma
2009-05-12 21:06 . 2009-05-28 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Malwarebytes
2009-05-12 18:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-12 18:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 18:38 . 2009-06-03 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 20:33 . 2009-05-16 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 16:42 . 2002-09-10 10:36 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 16:42 . 2002-09-10 10:36 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-27 17:50 . 2003-03-22 09:58 57904 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 00:26 . 2003-01-15 07:08 -------- d-----w- c:\program files\DesignPro 2000
2009-05-23 00:24 . 2007-04-30 22:45 -------- d-----w- c:\program files\adslTV
2009-05-23 00:24 . 2003-03-27 21:16 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-05-23 00:21 . 2005-11-15 18:18 -------- d-----w- c:\program files\BitComet
2009-05-22 23:56 . 2003-01-15 06:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 17:43 . 2003-03-27 21:16 -------- d-----w- c:\program files\Symantec
2009-05-21 21:43 . 2004-07-21 21:06 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w- c:\program files\Bonjour
2009-04-13 22:31 . 2009-04-13 22:29 -------- d-----w- c:\program files\QuickTime
2009-04-06 21:14 . 2009-03-18 22:49 -------- d-----w- c:\program files\Apple Software Update
2009-03-26 13:23 . 2009-04-13 22:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 13:23 . 2007-10-03 16:57 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-14 21:37 . 2006-03-31 21:13 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-14 21:37 . 2006-03-31 21:13 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-14 21:37 . 2008-05-09 11:50 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-14 21:37 . 2008-05-09 11:50 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-14 21:37 . 2006-03-31 21:13 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-05_00.14.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 16:07 . 2009-06-05 16:07 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 192568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 35328]
"ACTIVBOARD"="c:\apps\ActivBoard\MMKeybd.exe" [2002-06-19 262144]
"ActivSurf"="c:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2003-01-15 16384]
"RemoteControl"="c:\windows\System32\rmctrl.exe" [2000-10-16 110592]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 532480]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 290816]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-09-13 177880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 206232]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 251200]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-12-13 225325]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-2-6 1155072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"= c:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe
"c:\\Documents and Settings\\solo & kad\\Mes documents\\mircfr\\mircfr\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\rmctrl.exe"=
"c:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Apps\\ActivBoard\\OSD.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Apps\\ActivBoard\\MMKeybd.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\divtools\\unzip\\unzip.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBVE.EXE"=
"c:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe"=
"c:\\Apps\\ActivBoard\\TrayMon.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\rnathchk.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Microsoft Money\\System\\urlmap.exe"=
"c:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\LVCOMSX.EXE"= c:\\WINDOWS\\system32\\LVComsX.exe
"c:\\apps\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\solo & kad\\Bureau\\OTMoveIt3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\WINDOWS\\PEV.exe"=
"c:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\DOCUME~1\\SOLO&K~1\\LOCALS~1\\Temp\\winqqky.exe"=
"c:\\DOCUME~1\\SOLO&K~1\\LOCALS~1\\Temp\\brusi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:BitComet 7593 TCP
"7593:UDP"= 7593:UDP:BitComet 7593 UDP
"18207:TCP"= 18207:TCP:NortonAV
"14790:TCP"= 14790:TCP:NortonAV
"17053:TCP"= 17053:TCP:NortonAV
"16428:TCP"= 16428:TCP:NortonAV
"12094:TCP"= 12094:TCP:NortonAV
"16161:TCP"= 16161:TCP:NortonAV
"15154:TCP"= 15154:TCP:NortonAV
"17769:TCP"= 17769:TCP:NortonAV
"18615:TCP"= 18615:TCP:NortonAV
"17099:TCP"= 17099:TCP:NortonAV
"16624:TCP"= 16624:TCP:NortonAV
"14042:TCP"= 14042:TCP:NortonAV
"13501:TCP"= 13501:TCP:NortonAV
"12666:TCP"= 12666:TCP:NortonAV
"16570:TCP"= 16570:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"15401:TCP"= 15401:TCP:NortonAV
"13048:TCP"= 13048:TCP:NortonAV
"14708:TCP"= 14708:TCP:NortonAV
"12292:TCP"= 12292:TCP:NortonAV
"14257:TCP"= 14257:TCP:NortonAV
"16535:TCP"= 16535:TCP:NortonAV
"18739:TCP"= 18739:TCP:NortonAV
"12163:TCP"= 12163:TCP:NortonAV
"18148:TCP"= 18148:TCP:NortonAV
"17868:TCP"= 17868:TCP:NortonAV
"12943:TCP"= 12943:TCP:NortonAV
"16101:TCP"= 16101:TCP:NortonAV
"16251:TCP"= 16251:TCP:NortonAV
"16753:TCP"= 16753:TCP:NortonAV
"15336:TCP"= 15336:TCP:NortonAV
"18647:TCP"= 18647:TCP:NortonAV
"12632:TCP"= 12632:TCP:NortonAV
"15170:TCP"= 15170:TCP:NortonAV
"17090:TCP"= 17090:TCP:NortonAV
"15836:TCP"= 15836:TCP:NortonAV
"17166:TCP"= 17166:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16990:TCP"= 16990:TCP:NortonAV
"17075:TCP"= 17075:TCP:NortonAV
"12489:TCP"= 12489:TCP:NortonAV
"12933:TCP"= 12933:TCP:NortonAV
"14226:TCP"= 14226:TCP:NortonAV
"15048:TCP"= 15048:TCP:NortonAV
"15247:TCP"= 15247:TCP:NortonAV
"16454:TCP"= 16454:TCP:NortonAV
"14550:TCP"= 14550:TCP:NortonAV
"13250:TCP"= 13250:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"15524:TCP"= 15524:TCP:NortonAV
"17694:TCP"= 17694:TCP:NortonAV
"12374:TCP"= 12374:TCP:NortonAV
"14274:TCP"= 14274:TCP:NortonAV
"16379:TCP"= 16379:TCP:NortonAV
"16610:TCP"= 16610:TCP:NortonAV
"16062:TCP"= 16062:TCP:NortonAV
"14002:TCP"= 14002:TCP:NortonAV
"17939:TCP"= 17939:TCP:NortonAV
"16422:TCP"= 16422:TCP:NortonAV
"15837:TCP"= 15837:TCP:NortonAV
"12238:TCP"= 12238:TCP:NortonAV
"12756:TCP"= 12756:TCP:NortonAV
"14745:TCP"= 14745:TCP:NortonAV
"12059:TCP"= 12059:TCP:NortonAV
"13540:TCP"= 13540:TCP:NortonAV
"14504:TCP"= 14504:TCP:NortonAV
"16185:TCP"= 16185:TCP:NortonAV
"17627:TCP"= 17627:TCP:NortonAV
"18380:TCP"= 18380:TCP:NortonAV
"18906:TCP"= 18906:TCP:NortonAV
"13762:TCP"= 13762:TCP:NortonAV
"14045:TCP"= 14045:TCP:NortonAV
"12887:TCP"= 12887:TCP:NortonAV
"12719:TCP"= 12719:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"18757:TCP"= 18757:TCP:NortonAV
"1851:TCP"= 1851:TCP:saeztun

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [19/03/2004 17:15 147456]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [15/01/2003 09:03 6656]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [15/01/2003 09:09 49232]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mfhnjq.sys --> c:\windows\system32\drivers\mfhnjq.sys [?]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [01/01/1980 01:00 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [01/01/1980 01:00 231983]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.sys [18/06/2004 11:00 25244]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [13/05/2005 19:00 21344]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [01/01/1980 01:00 1432836]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - MDM
*Deregistered* - Netman
*Deregistered* - nhksrv
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLService
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - VCSSecS
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} - hxxp://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} - hxxp://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} - hxxp://messenger.zonenxt.msn-int.com/binary/Checkers.cab
FF - ProfilePath - c:\documents and settings\solo & kad\Application Data\Mozilla\Firefox\Profiles\36a4s2zn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 18:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1907411925-840360825-1460304000-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3404)
c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\apps\ActivBoard\nhksrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Virtual CD v4 SDK\System\vcssecs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\apps\ActivBoard\Traymon.exe
c:\apps\ActivBoard\osd.exe
c:\program files\Fichiers communs\Real\Update_OB\rnathchk.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\docume~1\SOLO&K~1\LOCALS~1\temp\winqqky.exe
c:\docume~1\SOLO&K~1\LOCALS~1\temp\brusi.exe
c:\docume~1\SOLO&K~1\LOCALS~1\temp\winufhan.exe
.
**************************************************************************
.
Time completed: 2009-06-05 18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 16:52

Pre-Run: 13,907,849,216 bytes free
Post-Run: 13,794,439,168 bytes free

357 --- E O F --- 2009-05-31 18:08
0
Ororo
 
Here is the link

http://www.cijoint.fr/cjlink.php?file=cj200906/cijyfDL5Lc.txt
0
Anonymous user
 
I also need this:



==> Download OAD (by Laur3n7!)

- Save it to your desktop

Double-click OAD to launch it

- File name to search for: type IadHide3
- Search type: select option 6, then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will open automatically as soon as it is done.

- Copy and paste that report in your next post.

Important note: depending on the size of the hard disks, this search can take several minutes. Be patient.



0
Ororo
 
OAD does not launch, same as last time.
I briefly see a small black window that then disappears.
0

Anonymous user
 
Hi,

Have them run ToolsCleaner and an online scan (BitDefender) to get a clearer picture..
0
Anonymous user
 
OK, Ororo, do what Chiquitine says:


http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Delete) to finish.
* If you wish, you can use the Options Facultatives (optional options).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).
_________________________________________________


-> BitDefender scan

Run an online antivirus scan at BitDefender Online using Internet Explorer

* Click Scan on line at the bottom left.
* Accept the licence and let it install the ActiveX control.
* Follow the prompts. Paste its report here.


Help
0
Ororo
 
TCleaner report

[ ToolsCleaner report version 2.3.5 (by A.Rothstein & dj QUIOU) ]

--> Search:

C:\Combofix.txt: found!
C:\SDFIX: found!
C:\Qoobox: found!
C:\_OtMoveIt: found!
C:\Rsit: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: found!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: found!
C:\Documents and Settings\solo & kad\Bureau\SdFix.exe: found!
C:\Documents and Settings\solo & kad\Bureau\HijackThis.lnk: found!
C:\Documents and Settings\solo & kad\Bureau\ComboFix.exe: found!
C:\Documents and Settings\solo & kad\Bureau\HJTInstall.exe: found!
C:\Documents and Settings\solo & kad\Bureau\OAD.exe: found!
C:\Documents and Settings\solo & kad\Bureau\OTMoveIt3.exe: found!
C:\Documents and Settings\solo & kad\Bureau\Rsit.exe: found!
C:\Documents and Settings\solo & kad\Mes documents\HJTInstall.exe: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found!

---------------------------------
--> Deletion:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: deleted!
C:\Documents and Settings\solo & kad\Bureau\SdFix.exe: deleted!
C:\Documents and Settings\solo & kad\Bureau\HijackThis.lnk: deleted!
C:\Documents and Settings\solo & kad\Bureau\ComboFix.exe: DELETION ERROR!!
C:\Documents and Settings\solo & kad\Bureau\HJTInstall.exe: deleted!
C:\Documents and Settings\solo & kad\Mes documents\HJTInstall.exe: deleted!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
C:\Combofix.txt: deleted!
C:\Documents and Settings\solo & kad\Bureau\OAD.exe: deleted!
C:\Documents and Settings\solo & kad\Bureau\OTMoveIt3.exe: deleted!
C:\Documents and Settings\solo & kad\Bureau\Rsit.exe: deleted!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: deleted!
C:\SDFIX: deleted!
C:\Qoobox: deleted!
C:\_OtMoveIt: deleted!
C:\Rsit: deleted!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: deleted!
C:\Program Files\Trend Micro\HijackThis: deleted!

As for the online scan, I cannot reach the BitDefender site.
The same goes for other online scan sites. This infection again!!
0
Anonymous user
 
OK,

please redo this:

▶ Download random's system information tool (RSIT) and save it to the Desktop.

• Double-click RSIT.exe to launch RSIT.

• Read the Disclaimer screen, then click Continue (if you accept the terms).

• If HijackThis (current version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

• When the analysis is finished, two text files will open.

Post the contents of log.txt.
0
Ororo
 
Here is the log.txt file

Logfile of random's system information tool 1.06 (written by random/random)
Run by solo & kad at 2009-06-05 22:39:56
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 13 GB (18%) free of 74 GB
Total RAM: 255 MB (45% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-12-13 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-12-13 2436160]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-01-28 35328]
"ACTIVBOARD"=C:\Apps\ActivBoard\MMKeybd.exe [2002-06-19 262144]
"ActivSurf"=C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe [2003-01-15 16384]
"RemoteControl"=C:\WINDOWS\System32\rmctrl.exe [2000-10-16 110592]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 532480]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 290816]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-13 177880]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 206232]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-26 251200]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2003-12-13 225325]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 192568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe:*:Enabled:ipsec"
"C:\Documents and Settings\solo & kad\Mes documents\mircfr\mircfr\mirc.exe"="C:\Documents and Settings\solo & kad\Mes documents\mircfr\mircfr\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SPSSInc\Statistics17\statistics.com"="C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com"
"C:\Program Files\SPSSInc\Statistics17\statistics.exe"="C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe"
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\System32\rmctrl.exe"="C:\WINDOWS\System32\rmctrl.exe:*:Enabled:ipsec"
"C:\PROGRA~1\SYMNET~1\SNDMon.exe"="C:\PROGRA~1\SYMNET~1\SNDMon.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Logitech\Video\FxSvr2.exe"="C:\Program Files\Logitech\Video\FxSvr2.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\OSD.exe"="C:\Apps\ActivBoard\OSD.exe:*:Enabled:ipsec"
"C:\Program Files\Logitech\Video\LogiTray.exe"="C:\Program Files\Logitech\Video\LogiTray.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\MMKeybd.exe"="C:\Apps\ActivBoard\MMKeybd.exe:*:Enabled:ipsec"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec"
"C:\divtools\unzip\unzip.exe"="C:\divtools\unzip\unzip.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE:*:Enabled:ipsec"
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\TrayMon.exe"="C:\Apps\ActivBoard\TrayMon.exe:*:Enabled:ipsec"
"C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe:*:Enabled:ipsec"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Money\System\urlmap.exe"="C:\Program Files\Microsoft Money\System\urlmap.exe:*:Enabled:ipsec"
"C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe:*:Enabled:ipsec"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\LVCOMSX.EXE"="C:\WINDOWS\system32\LVComsX.exe:*:Enabled:ipsec"
"C:\apps\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\apps\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
"C:\Documents and Settings\solo & kad\Bureau\OTMoveIt3.exe"="C:\Documents and Settings\solo & kad\Bureau\OTMoveIt3.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jucheck.exe"="C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:ipsec"
"C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ipsec"
"C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE:*:Enabled:ipsec"
"C:\WINDOWS\system32\drwtsn32.exe"="C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqqky.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqqky.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\brusi.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\brusi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwxlq.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwxlq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windjqpb.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windjqpb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\cghnb.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\cghnb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\ysmmqv.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\ysmmqv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\orbiy.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\orbiy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\hnsrfi.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\hnsrfi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winslve.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winslve.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winkhtbhb.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winkhtbhb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windvbcf.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windvbcf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winfogqb.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winfogqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\gxocw.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\gxocw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\wintjth.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\wintjth.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winuylqpg.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winuylqpg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\dwbjw.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\dwbjw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winxcen.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winxcen.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windwfv.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windwfv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winukfheg.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winukfheg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\fpcox.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\fpcox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwehto.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwehto.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28fefb21-1640-11dd-9bdd-0020ed5dc423}]
shell\AutOplAy\command - F:\trqfq.exe
shell\AutoRun\command - F:\trqfq.exe
shell\explOre\command - F:\trqfq.exe
shell\opEn\command - F:\trqfq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb36465c-4860-11dd-9c42-0020ed5dc423}]
shell\AUtOplAy\command - E:\whwv.pif
shell\AutoRun\command - E:\whwv.pif
shell\eXplOre\command - E:\whwv.pif
shell\opEn\command - E:\whwv.pif


======List of files/folders created in the last 2 months======

2009-06-05 22:39:56 ----D---- C:\rsit
2009-06-05 22:20:11 ----A---- C:\TCleaner.txt
2009-06-05 01:01:46 ----A---- C:\WINDOWS\PEV.exe
2009-06-03 19:17:54 ----A---- C:\del.txt
2009-06-01 22:56:58 ----D---- C:\Program Files\CCleaner
2009-05-26 00:50:36 ----RASHD---- C:\autorun.inf
2009-05-25 03:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-25 03:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-25 03:37:47 ----D---- C:\WINDOWS\ie7updates
2009-05-25 03:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-25 03:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-25 03:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-25 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-24 02:12:19 ----D---- C:\Program Files\Trend Micro
2009-05-23 10:15:59 ----D---- C:\WINDOWS\WBEM
2009-05-23 10:15:58 ----D---- C:\WINDOWS\system32\fr-fr
2009-05-23 10:13:03 ----HDC---- C:\WINDOWS\ie7
2009-05-23 10:12:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-05-23 10:10:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-05-23 10:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-05-23 10:06:07 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-23 01:56:42 ----D---- C:\Program Files\ToniArts
2009-05-22 21:42:54 ----D---- C:\Documents and Settings\solo & kad\Application Data\Yahoo!
2009-05-22 21:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-05-22 21:42:44 ----D---- C:\Program Files\Yahoo!
2009-05-13 00:26:00 ----D---- C:\Program Files\Vilma
2009-05-12 23:06:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 20:38:37 ----D---- C:\Documents and Settings\solo & kad\Application Data\Malwarebytes
2009-05-12 20:38:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-12 20:38:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-11 22:33:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-10 20:44:08 ----A---- C:\WINDOWS\zip.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\SWSC.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\SWREG.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\sed.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\grep.exe
2009-05-10 20:43:56 ----D---- C:\WINDOWS\ERDNT
2009-04-18 14:03:21 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-14 00:33:39 ----D---- C:\Program Files\Bonjour
2009-04-14 00:29:40 ----D---- C:\Program Files\QuickTime
2009-04-14 00:23:44 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 2 months======

2009-06-05 22:32:01 ----D---- C:\WINDOWS\Prefetch
2009-06-05 18:52:44 ----D---- C:\WINDOWS\system32\drivers
2009-06-05 18:52:44 ----AD---- C:\WINDOWS\system32
2009-06-05 18:52:39 ----D---- C:\WINDOWS\Temp
2009-06-05 18:32:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-05 18:11:16 ----D---- C:\WINDOWS
2009-06-05 18:11:16 ----A---- C:\WINDOWS\system.ini
2009-06-05 18:11:02 ----AD---- C:\Program Files\Fichiers communs
2009-06-05 18:11:02 ----AD---- C:\Program Files
2009-06-05 18:01:02 ----D---- C:\WINDOWS\AppPatch
2009-06-05 17:49:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-05 01:19:09 ----D---- C:\WINDOWS\system32\config
2009-06-02 20:35:40 ----D---- C:\WINDOWS\Minidump
2009-06-02 20:11:30 ----SHD---- C:\System Volume Information
2009-06-02 20:11:30 ----D---- C:\WINDOWS\system32\Restore
2009-06-02 04:09:12 ----SHD---- C:\WINDOWS\Installer
2009-06-02 04:09:09 ----D---- C:\Config.Msi
2009-05-31 23:18:14 ----D---- C:\WINDOWS\Help
2009-05-31 10:49:09 ----D---- C:\WINDOWS\Debug
2009-05-30 23:00:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-28 18:42:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-26 03:20:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-26 03:19:53 ----HD---- C:\WINDOWS\inf
2009-05-26 01:34:53 ----D---- C:\Program Files\Mozilla Firefox
2009-05-25 08:45:25 ----D---- C:\Program Files\Internet Explorer
2009-05-25 08:45:24 ----D---- C:\WINDOWS\system32\wbem
2009-05-25 03:42:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-25 00:22:08 ----SD---- C:\WINDOWS\Tasks
2009-05-23 10:15:45 ----D---- C:\WINDOWS\Media
2009-05-23 02:26:34 ----D---- C:\WINDOWS\system32\oobe
2009-05-23 02:26:34 ----D---- C:\Program Files\DesignPro 2000
2009-05-23 02:26:33 ----SHD---- C:\DRIVERS
2009-05-23 02:24:23 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-05-23 02:24:23 ----D---- C:\Program Files\adslTV
2009-05-23 02:21:49 ----D---- C:\Program Files\BitComet
2009-05-23 02:21:18 ----D---- C:\WINDOWS\repair
2009-05-23 01:56:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-22 19:43:59 ----D---- C:\Program Files\Symantec
2009-05-22 19:28:37 ----A---- C:\WINDOWS\msiosd.ini
2009-05-17 13:47:57 ----A---- C:\WINDOWS\ActiveSurfUI.INI
2009-05-16 23:07:25 ----SD---- C:\Documents and Settings\solo & kad\Application Data\Microsoft
2009-05-11 23:10:32 ----D---- C:\APPS
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-14 00:24:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-14 00:24:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-06 23:14:17 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-03-19 147456]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-20 40320]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R1 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\mfhnjq.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-28 9600]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-01-28 22210]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-01-28 5842]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-01-28 67698]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2001-11-29 172708]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2001-12-05 322948]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2001-11-29 33028]
R3 STAC97NA;SigmaTel 3D Environmental Audio; C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 296179]
R3 STAC97NH;STAC97NH; C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 231983]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R4 catchme;catchme; \??\C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\catchme.sys []
S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41600]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-20 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbae;USB ADSL LAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2002-11-22 122505]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Pilote de communication série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-01-28 50994]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2001-11-29 2383460]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20030626.018\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20030626.018\NavEx15.Sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2001-11-29 607732]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-10-25 162816]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2001-11-29 175160]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 V90drv;v90drv; C:\WINDOWS\System32\DRIVERS\v90drv.sys [2001-11-29 1432836]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-09 39936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nhksrv;Netropa NHK Server; C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 28672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2001-11-29 45056]
S2 SymProxySvc;Norton Internet Security Proxy Service; C:\Program Files\Norton Internet Security\SymProxySvc.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-13 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Anonymous user
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\explorer.exe

Click Send File.

A report will build up line by line.

Wait for it to finish. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
Ororo
I can't access the site.
The page doesn't load completely.
Anonymous user
OK

I'm going to ask you for 4 reports (sorry)

Download OAD (Outil d'Aide au Diagnostic): http://sosvirus.changelog.fr/OAD.exe
→ Save it to your desktop
→ Double-click OAD.exe to launch it.
→ Enter the value to search for -> ' fwdrv.sys ' (copy/paste it)
→ Search type: select option 6, then confirm [Enter]
→ OAD will now search for the file.
→ Let it work until it has finished.
→ Depending on the size of the hard drives, this search may take several minutes.

------------- Please wait. --------------

→ The search report will appear automatically as soon as it has finished.
→ Copy/paste this report into your next post.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Repeat with:

vcsmpdrv.sys

Msikbd2k.sys

mfhnjq.sys
Ororo
With Gen, we had already tried OAD but the program wouldn't launch.
I just tried again: a small black window appears for 1 second, then disappears, and after that nothing!
Anonymous user
OK, never mind,

● Download DDS by sUBs to the desktop:

(.scr) https://download.bleepingcomputer.com/sUBs/dds.scr
(.pif) https://forospyware.com
(.com) http://www.techsupportforum.com/sectools/sUBs/dds/

(!) The tool does not require installation.

Launch it by clicking the icon.

This DOS window will appear: https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

The scan should not take more than three minutes.
A first report will open, which you will save as DDS.txt by default on the desktop.
You will be asked if you want to run the optional scan.
Accept with Yes.

A new report opens, which you save as Attach.txt on the desktop.
You will only provide it if necessary.
Post me the DDS.txt report.
Ororo
DDS.txt report

DDS (Ver_09-05-14.01) - NTFSx86
Run by solo & kad at 23:13:53,37 on 05/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.255.98 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
svchost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\WINDOWS\System32\rmctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqqky.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\brusi.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winufhan.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\rifhec.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winpdtwj.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winlcahjb.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winoarfr.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqcfxu.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\dbirs.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winkuhck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\solo & kad\Bureau\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] ""c:\program files\microsoft money\system\Money Express.exe""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [ACTIVBOARD] c:\apps\activboard\MMKeybd.exe
mRun: [ActivSurf] c:\apps\activsurf\4448364\program\backweb-4448364.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\fichiers communs\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\lancer~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\iecustom\script.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} - hxxp://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - hxxp://www.gocyberlink.com/winxp/CheckDVD.cab
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab
DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} - hxxp://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} - hxxp://messenger.zonenxt.msn-int.com/binary/Checkers.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\fichiers communs\microsoft shared\web folders\PKMCDO.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\solo&k~1\applic~1\mozilla\firefox\profiles\36a4s2zn.default\

============= SERVICES / DRIVERS ===============

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2004-3-19 147456]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2003-1-15 6656]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [2003-1-15 49232]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mfhnjq.sys --> c:\windows\system32\drivers\mfhnjq.sys [?]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [1980-1-1 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1980-1-1 231983]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\drivers\adiusbae.sys --> c:\windows\system32\drivers\adiusbae.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.sys [2004-6-18 25244]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2005-5-13 21344]
S3 NAVENG;NAVENG;\??\c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\naveng.sys --> c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\NAVENG.Sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\navex15.sys --> c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\NavEx15.Sys [?]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [1980-1-1 1432836]

=============== Created Last 30 ================

2009-06-05 01:01 154,624 a------- c:\windows\PEV.exe
2009-06-01 22:56 <DIR> --d----- c:\program files\CCleaner
2009-05-26 00:50 <DIR> a-dshr-- C:\autorun.inf
2009-05-24 10:17 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-05-24 10:17 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-05-24 10:17 286,208 -------- c:\windows\system32\dllcache\pdh.dll
2009-05-24 10:17 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-24 10:17 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-05-24 10:17 685,056 -------- c:\windows\system32\dllcache\advapi32.dll
2009-05-24 10:17 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-05-24 10:17 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-05-24 10:17 739,840 -------- c:\windows\system32\dllcache\ntdll.dll
2009-05-24 10:17 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-24 10:16 351,232 -------- c:\windows\system32\dllcache\winhttp.dll
2009-05-24 10:16 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-24 10:16 219,136 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-24 02:12 <DIR> --d----- c:\program files\Trend Micro
2009-05-23 10:15 <DIR> --d----- c:\windows\system32\fr-fr
2009-05-23 01:56 <DIR> --d----- c:\program files\ToniArts
2009-05-22 21:42 <DIR> --d----- c:\program files\Yahoo!
2009-05-13 00:26 <DIR> --d----- c:\program files\Vilma
2009-05-12 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-12 20:38 <DIR> --d----- c:\docume~1\solo&k~1\applic~1\Malwarebytes
2009-05-12 20:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-12 20:38 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 20:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 20:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 23:35 68,608,000 a------- c:\windows\MEMORY.DMP
2009-05-10 20:44 161,792 a------- c:\windows\SWREG.exe
2009-05-10 20:44 98,816 a------- c:\windows\sed.exe

==================== Find3M ====================

2009-06-04 23:27 57,904 a------- c:\docume~1\solo&k~1\applic~1\GDIPFONTCACHEV1.DAT
2009-05-28 18:42 473,864 a------- c:\windows\system32\perfh00C.dat
2009-05-28 18:42 77,468 a------- c:\windows\system32\perfc00C.dat
2009-05-21 23:43 10,022 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-21 16:20 1,051,136 -------- c:\windows\system32\dllcache\kernel32.dll
2008-11-23 14:55 199,680 a------- c:\documents and settings\solo & kad\pp.exe

============= FINISH: 23:15:24,62 ===============
0
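Added example (not part of this thread and not code from the DDS tool): a small Python triage script that parses the DDS report format posted above and flags the three findings a helper would look at first in this log: processes started from a Temp directory, the uPolicies-system restrictions that explain the disabled Task Manager and Registry Editor, and drivers whose file DDS could not find (marked `[?]`). The sample input is constructed from lines of the report above; the section names and line layouts assumed are the ones visible in that report.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the DDS report posted above,
# so the script runs offline without the original DDS.txt file.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqqky.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\brusi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\solo & kad\Bureau\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)

============= SERVICES / DRIVERS ===============

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2004-3-19 147456]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mfhnjq.sys --> c:\windows\system32\drivers\mfhnjq.sys [?]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\drivers\adiusbae.sys --> c:\windows\system32\drivers\adiusbae.sys [?]

============= FINISH: 23:15:24,62 ===============
"""

# "============== Title ===============" lines delimit DDS sections.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Any path component named Temp (case-insensitive), e.g. ...\LOCALS~1\Temp\x.exe
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# "uPolicies-system: DisableTaskMgr = 1 (0x1)"  (u = current user, m = machine, d = default)
POLICY_RE = re.compile(r"^[umd]Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# "R3 name;description;path [date size]"  (R/S = running/stopped, digit = start type)
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")


def parse_sections(text):
    """Split a DDS report into {section title: [non-blank lines]}."""
    sections = defaultdict(list)
    current = "HEADER"  # lines before the first section banner
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def processes_in_temp(sections):
    """Running processes whose image lives under a Temp directory."""
    return [p for p in sections.get("Running Processes", []) if TEMP_DIR_RE.search(p)]


def policy_restrictions(sections):
    """Non-zero *Policies-* values, e.g. DisableTaskMgr = 1, as {name: value}."""
    found = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m and int(m.group("value")) != 0:
            found[m.group("name")] = int(m.group("value"))
    return found


def unverifiable_drivers(sections):
    """Services/drivers DDS marked '[?]' (file not found); note whether they are running."""
    out = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group("rest").rstrip().endswith("[?]"):
            out.append({"name": m.group("name"), "running": m.group("state") == "R"})
    return out


def triage(text):
    """Run all three checks over one DDS report and return the findings."""
    sections = parse_sections(text)
    return {
        "processes_in_temp": processes_in_temp(sections),
        "policy_restrictions": policy_restrictions(sections),
        "unverifiable_drivers": unverifiable_drivers(sections),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_DDS).items():
        print(f"{check}:")
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print(f"  {item}")
```

A running driver with a random-looking name and no file on disk (here abp470n5 / mfhnjq.sys) is the finding that matters most, since a stopped, demand-start entry with a missing file is often just an uninstalled device.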
Anonymous user
OK, we're making progress,

I have a question: do you have access to safe mode?
Ororo
No
Anonymous user
OK

We're going to use ComboFix again,

you will have to run the scan,

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the Internet and close the windows of all running programs.

-> Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer Yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to complete the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
Ororo
OK, I'm launching it right away!
Ororo
Here is the ComboFix report

ComboFix 09-06-05.03 - solo & kad 05/06/2009 23:42.22 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.255.80 [GMT 2:00]
Lancé depuis: c:\documents and settings\solo & kad\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\solo & kad\Local Settings\temp\IadHide3.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-05 au 2009-06-05 ))))))))))))))))))))))))))))))))))))
.

2009-06-05 20:39 . 2009-06-05 20:40 -------- d-----w- C:\rsit
2009-06-01 20:56 . 2009-06-01 20:57 -------- d-----w- c:\program files\CCleaner
2009-05-30 20:41 . 2009-05-30 20:42 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-24 08:17 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-05-24 08:17 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-24 08:17 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-24 08:17 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-24 08:17 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-24 08:17 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-24 08:17 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-24 08:17 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-05-24 08:17 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-24 08:17 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-24 08:16 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-05-24 08:16 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-24 00:12 . 2009-06-05 20:20 -------- d-----w- c:\program files\Trend Micro
2009-05-23 08:15 . 2009-05-25 01:40 -------- d-----w- c:\windows\system32\fr-fr
2009-05-22 23:56 . 2009-05-22 23:56 -------- d-----w- c:\program files\ToniArts
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Yahoo!
2009-05-22 19:42 . 2009-05-22 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\program files\Yahoo!
2009-05-16 21:07 . 2009-05-16 21:07 133 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\fusioncache.dat
2009-05-16 21:07 . 2009-05-16 21:07 -------- d-----w- c:\documents and settings\solo & kad\Local Settings\Application Data\ApplicationHistory
2009-05-12 22:26 . 2009-05-12 22:26 -------- d-----w- c:\program files\Vilma
2009-05-12 21:06 . 2009-05-28 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Malwarebytes
2009-05-12 18:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-12 18:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 18:38 . 2009-06-03 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 20:33 . 2009-05-16 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 16:42 . 2002-09-10 10:36 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 16:42 . 2002-09-10 10:36 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-27 17:50 . 2003-03-22 09:58 57904 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 00:26 . 2003-01-15 07:08 -------- d-----w- c:\program files\DesignPro 2000
2009-05-23 00:24 . 2007-04-30 22:45 -------- d-----w- c:\program files\adslTV
2009-05-23 00:24 . 2003-03-27 21:16 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-05-23 00:21 . 2005-11-15 18:18 -------- d-----w- c:\program files\BitComet
2009-05-22 23:56 . 2003-01-15 06:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 17:43 . 2003-03-27 21:16 -------- d-----w- c:\program files\Symantec
2009-05-21 21:43 . 2004-07-21 21:06 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w- c:\program files\Bonjour
2009-04-13 22:31 . 2009-04-13 22:29 -------- d-----w- c:\program files\QuickTime
2009-03-26 13:23 . 2009-04-13 22:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 13:23 . 2007-10-03 16:57 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-14 21:37 . 2006-03-31 21:13 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-14 21:37 . 2006-03-31 21:13 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-14 21:37 . 2008-05-09 11:50 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-14 21:37 . 2008-05-09 11:50 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-14 21:37 . 2006-03-31 21:13 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 192568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 35328]
"ACTIVBOARD"="c:\apps\ActivBoard\MMKeybd.exe" [2002-06-19 262144]
"ActivSurf"="c:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2003-01-15 16384]
"RemoteControl"="c:\windows\System32\rmctrl.exe" [2000-10-16 110592]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 532480]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 290816]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-09-13 177880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 206232]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 251200]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-12-13 225325]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-2-6 1155072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"= c:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe
"c:\\Documents and Settings\\solo & kad\\Mes documents\\mircfr\\mircfr\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\rmctrl.exe"=
"c:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Apps\\ActivBoard\\OSD.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Apps\\ActivBoard\\MMKeybd.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\divtools\\unzip\\unzip.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBVE.EXE"=
"c:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe"=
"c:\\Apps\\ActivBoard\\TrayMon.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\rnathchk.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Microsoft Money\\System\\urlmap.exe"=
"c:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\LVCOMSX.EXE"= c:\\WINDOWS\\system32\\LVComsX.exe
"c:\\apps\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\WINDOWS\\PEV.exe"=
"c:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:BitComet 7593 TCP
"7593:UDP"= 7593:UDP:BitComet 7593 UDP
"18207:TCP"= 18207:TCP:NortonAV
"14790:TCP"= 14790:TCP:NortonAV
"17053:TCP"= 17053:TCP:NortonAV
"16428:TCP"= 16428:TCP:NortonAV
"12094:TCP"= 12094:TCP:NortonAV
"16161:TCP"= 16161:TCP:NortonAV
"15154:TCP"= 15154:TCP:NortonAV
"17769:TCP"= 17769:TCP:NortonAV
"18615:TCP"= 18615:TCP:NortonAV
"17099:TCP"= 17099:TCP:NortonAV
"16624:TCP"= 16624:TCP:NortonAV
"14042:TCP"= 14042:TCP:NortonAV
"13501:TCP"= 13501:TCP:NortonAV
"12666:TCP"= 12666:TCP:NortonAV
"16570:TCP"= 16570:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"15401:TCP"= 15401:TCP:NortonAV
"13048:TCP"= 13048:TCP:NortonAV
"14708:TCP"= 14708:TCP:NortonAV
"12292:TCP"= 12292:TCP:NortonAV
"14257:TCP"= 14257:TCP:NortonAV
"16535:TCP"= 16535:TCP:NortonAV
"18739:TCP"= 18739:TCP:NortonAV
"12163:TCP"= 12163:TCP:NortonAV
"18148:TCP"= 18148:TCP:NortonAV
"17868:TCP"= 17868:TCP:NortonAV
"12943:TCP"= 12943:TCP:NortonAV
"16101:TCP"= 16101:TCP:NortonAV
"16251:TCP"= 16251:TCP:NortonAV
"16753:TCP"= 16753:TCP:NortonAV
"15336:TCP"= 15336:TCP:NortonAV
"18647:TCP"= 18647:TCP:NortonAV
"12632:TCP"= 12632:TCP:NortonAV
"15170:TCP"= 15170:TCP:NortonAV
"17090:TCP"= 17090:TCP:NortonAV
"15836:TCP"= 15836:TCP:NortonAV
"17166:TCP"= 17166:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16990:TCP"= 16990:TCP:NortonAV
"17075:TCP"= 17075:TCP:NortonAV
"12489:TCP"= 12489:TCP:NortonAV
"12933:TCP"= 12933:TCP:NortonAV
"14226:TCP"= 14226:TCP:NortonAV
"15048:TCP"= 15048:TCP:NortonAV
"15247:TCP"= 15247:TCP:NortonAV
"16454:TCP"= 16454:TCP:NortonAV
"14550:TCP"= 14550:TCP:NortonAV
"13250:TCP"= 13250:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"15524:TCP"= 15524:TCP:NortonAV
"17694:TCP"= 17694:TCP:NortonAV
"12374:TCP"= 12374:TCP:NortonAV
"14274:TCP"= 14274:TCP:NortonAV
"16379:TCP"= 16379:TCP:NortonAV
"16610:TCP"= 16610:TCP:NortonAV
"16062:TCP"= 16062:TCP:NortonAV
"14002:TCP"= 14002:TCP:NortonAV
"17939:TCP"= 17939:TCP:NortonAV
"16422:TCP"= 16422:TCP:NortonAV
"15837:TCP"= 15837:TCP:NortonAV
"12238:TCP"= 12238:TCP:NortonAV
"12756:TCP"= 12756:TCP:NortonAV
"14745:TCP"= 14745:TCP:NortonAV
"12059:TCP"= 12059:TCP:NortonAV
"13540:TCP"= 13540:TCP:NortonAV
"14504:TCP"= 14504:TCP:NortonAV
"16185:TCP"= 16185:TCP:NortonAV
"17627:TCP"= 17627:TCP:NortonAV
"18380:TCP"= 18380:TCP:NortonAV
"18906:TCP"= 18906:TCP:NortonAV
"13762:TCP"= 13762:TCP:NortonAV
"14045:TCP"= 14045:TCP:NortonAV
"12887:TCP"= 12887:TCP:NortonAV
"12719:TCP"= 12719:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"18757:TCP"= 18757:TCP:NortonAV
"1851:TCP"= 1851:TCP:saeztun

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [19/03/2004 17:15 147456]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [15/01/2003 09:03 6656]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [15/01/2003 09:09 49232]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\mfhnjq.sys --> c:\windows\system32\drivers\mfhnjq.sys [?]
R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [01/01/1980 01:00 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [01/01/1980 01:00 231983]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.sys [18/06/2004 11:00 25244]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [13/05/2005 19:00 21344]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [01/01/1980 01:00 1432836]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - C-DillaCdaC11BA
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - Netman
*Deregistered* - nhksrv
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLService
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - VCSSecS
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} - hxxp://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} - hxxp://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} - hxxp://messenger.zonenxt.msn-int.com/binary/Checkers.cab
FF - ProfilePath - c:\documents and settings\solo & kad\Application Data\Mozilla\Firefox\Profiles\36a4s2zn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 23:59
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1907411925-840360825-1460304000-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
------------------------ Autres processus actifs ------------------------
.
c:\apps\ActivBoard\nhksrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Virtual CD v4 SDK\System\vcssecs.exe
c:\windows\system32\rundll32.exe
c:\apps\ActivBoard\Traymon.exe
c:\apps\ActivBoard\osd.exe
c:\program files\Fichiers communs\Real\Update_OB\rnathchk.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Heure de fin: 2009-06-05 0:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-05 22:43

Avant-CF: 13 698 342 912 octets libres
Après-CF: 13 655 830 528 octets libres

361 --- E O F --- 2009-05-31 18:08