Trojan Virtumonde impossible to remove!

Closed
mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last activity 2 June 2010 - 31 May 2010 at 13:37
Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last activity 15 September 2021 - 2 June 2010 at 09:07
Hello,
If someone could help me, please...
Here is my BIG problem: the Trojan horse "Virtumonde", alias "Vundo"!!!
It installed itself on my work computer (you can see how awkward that is) and won't leave; as a result my system has slowed down considerably, internet ad windows open by themselves right in the middle of my work, and sometimes it even redirects me on its own to advertising sites... The company's antivirus detected it but cannot remove it; it is E-Trust, an online antivirus.
I have tried to get rid of it in every possible way: Malwarebytes Anti-Malware, Spybot, C-Cleaner,... NOTHING WORKS, it reappears a second later!
I read up a bit on the forums and I know that removing Virtumonde is done case by case and step by step... So if a kind soul could guide me, here is the resulting HijackThis report:
(NB1: there may well be other Trojan horses too...)
(NB2: I work under Windows XP)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:40, on 31/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\CATDIO\buamuuz.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\CATDIO\LOCALS~1\Temp\Wwt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:5250/spin/ITMClient/ITMClient.csp?product=0&TopLevelTab=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D37DA2A3-E457-47DA-9B00-320865657F79} - c:\windows\system32\fumtzcf.dll
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Iomega ImIconXP] C:\Program Files\Iomega\REV System Software\imiconxp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [buamuuz] C:\Documents and Settings\CATDIO\buamuuz.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\DOCUME~1\CATDIO\LOCALS~1\Temp\Wwt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EEDF.ETS
O17 - HKLM\Software\..\Telephony: DomainName = EEDF.ETS
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EEDF.ETS
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EEDF.ETS
O20 - Winlogon Notify: njnptcwa - C:\WINDOWS\SYSTEM32\fumtzcf.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Service RPC eTrust ITM (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: Service en temps réel eTrust ITM (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: Service des jobs eTrust ITM (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: RevUDFService - Iomega Corp - C:\Program Files\Iomega\REV System Software\RevUDF.exe

8 replies

Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last activity 15 September 2021 582
31 May 2010 at 13:42
Hi

Send the Malwarebytes report and remove Spybot

mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last activity 2 June 2010
31 May 2010 at 17:07
Hi, and thanks for lending me your expertise...
Here is the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4157

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/05/2010 16:49:55
mbam-log-2010-05-31 (16-49-55).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 167115
Temps écoulé: 10 minute(s), 3 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d37da2a3-e457-47da-9b00-320865657f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\njnptcwa (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d37da2a3-e457-47da-9b00-320865657f79} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\fumtzcf.dll (Trojan.Vundo.H) -> Delete on reboot.


PS: I removed Spybot

Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last activity 15 September 2021 582
31 May 2010 at 17:09
On restart,

Download and save to the desktop
Combofix

= Disable the antivirus
= Double-click Combofix
= Press 1 if asked
= Wait for the tool to close (5-10 min, or more if the infection is heavy)
= Copy/paste the report into your reply
A report in C:\Combofix.txt to put in your reply
Re-enable the antivirus

mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last activity 2 June 2010
1 June 2010 at 10:43
Hello!
Here is the requested Combofix report:
(in 2 posts, because otherwise it loads and then nothing...)

ComboFix 10-05-31.02 - CATDIO 01/06/2010 8:12.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.620 [GMT 2:00]
Lancé depuis: c:\documents and settings\CATDIO\Bureau\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CATDIO\3.exe
c:\documents and settings\CATDIO\5.exe
c:\documents and settings\CATDIO\Application Data\HDMIDrv.exe
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{2ee136a5-52e4-42c7-86f9-bae9e3444893}
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{2ee136a5-52e4-42c7-86f9-bae9e3444893}\chrome.manifest
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{2ee136a5-52e4-42c7-86f9-bae9e3444893}\chrome\xulcache.jar
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{2ee136a5-52e4-42c7-86f9-bae9e3444893}\defaults\preferences\xulcache.js
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{2ee136a5-52e4-42c7-86f9-bae9e3444893}\install.rdf
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{7a96fc30-03ef-46b3-9549-f407b921917e}
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{7a96fc30-03ef-46b3-9549-f407b921917e}\chrome.manifest
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{7a96fc30-03ef-46b3-9549-f407b921917e}\chrome\xulcache.jar
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{7a96fc30-03ef-46b3-9549-f407b921917e}\defaults\preferences\xulcache.js
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{7a96fc30-03ef-46b3-9549-f407b921917e}\install.rdf
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{f2cc41a7-003e-4682-a5f8-05dde97125af}
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{f2cc41a7-003e-4682-a5f8-05dde97125af}\chrome.manifest
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{f2cc41a7-003e-4682-a5f8-05dde97125af}\chrome\xulcache.jar
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{f2cc41a7-003e-4682-a5f8-05dde97125af}\defaults\preferences\xulcache.js
c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\extensions\{f2cc41a7-003e-4682-a5f8-05dde97125af}\install.rdf
c:\documents and settings\CATDIO\buamuuz.exe
c:\windows\system32\aronpmf.dll
c:\windows\system32\drivers\iagaonef.sys
c:\windows\system32\drivers\xxelqwmg.sys
c:\windows\system32\fumtzcf.dll
c:\windows\system32\hvwxgniq.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Wpuxua.exe

Une copie infectée de c:\windows\system32\drivers\isapnp.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy_XXELQWMG
-------\Service_SSHNAS
-------\Service_xxelqwmg


((((((((((((((((((((((((((((( Fichiers créés du 2010-05-01 au 2010-06-01 ))))))))))))))))))))))))))))))))))))
.

2010-05-31 14:48 . 2010-05-31 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-28 07:14 . 2010-05-28 07:14 -------- d-----w- c:\program files\Trend Micro
2010-05-26 06:20 . 2010-05-26 06:20 503808 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-615d0c48-n\msvcp71.dll
2010-05-26 06:20 . 2010-05-26 06:20 499712 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-615d0c48-n\jmc.dll
2010-05-26 06:20 . 2010-05-26 06:20 348160 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-615d0c48-n\msvcr71.dll
2010-05-26 06:20 . 2010-05-26 06:20 61440 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a2f6809-n\decora-sse.dll
2010-05-26 06:20 . 2010-05-26 06:20 12800 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a2f6809-n\decora-d3d.dll
2010-05-25 08:18 . 2010-06-01 05:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-25 08:18 . 2010-05-31 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 15:43 . 2010-05-20 15:43 -------- d-----w- c:\program files\CCleaner
2010-05-20 14:23 . 2008-04-14 12:00 401408 ----a-w- c:\windows\system32\CF5329.exe
2010-05-20 13:23 . 2010-05-20 13:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-05-20 07:00 . 2010-05-20 07:00 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Malwarebytes
2010-05-20 06:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 06:55 . 2010-05-20 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-20 06:55 . 2010-05-20 06:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 06:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 09:19 . 2010-05-19 09:19 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.194\itstv.exe
2010-05-18 05:59 . 2010-05-18 05:59 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.193\itstv.exe
2010-05-17 13:43 . 2010-05-17 13:43 -------- d-----w- c:\documents and settings\CATDIO\Application Data\EleFun Games
2010-05-17 13:34 . 2010-05-17 13:34 -------- d-----w- c:\documents and settings\CATDIO\Application Data\HdO Adventure
2010-05-17 06:29 . 2010-05-17 06:29 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.192\itstv.exe
2010-05-12 06:08 . 2010-05-12 06:08 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.187\itstv.exe
2010-05-11 06:28 . 2010-05-11 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-05-11 05:59 . 2010-05-11 05:59 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.186\itstv.exe
2010-05-10 08:15 . 2010-05-10 08:15 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Apple Computer
2010-05-07 08:24 . 2010-05-07 08:24 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.182\itstv.exe
2010-05-07 07:01 . 2010-05-07 07:01 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Flood Light Games
2010-05-07 07:01 . 2010-05-07 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2010-05-07 06:27 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 14:11 . 2010-05-06 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2010-05-06 13:55 . 2010-05-06 13:55 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.181\itstv.exe
2010-05-06 12:23 . 2010-05-06 12:23 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Gamenauts
2010-05-05 15:01 . 2010-05-05 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Far Mills
2010-05-05 13:27 . 2010-05-05 13:27 -------- d-----w- c:\documents and settings\CATDIO\Application Data\GamersDigital
2010-05-05 13:27 . 2010-05-05 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\GamersDigital
2010-05-05 11:37 . 2010-05-05 11:37 -------- d-----w- c:\documents and settings\CATDIO\Application Data\BloodTies
2010-05-05 06:21 . 2010-05-05 06:21 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.180\itstv.exe
2010-05-04 14:57 . 2010-05-04 14:58 -------- d-----w- c:\program files\QuickTime
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\documents and settings\CATDIO\Local Settings\Application Data\Apple
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\program files\Apple Software Update
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-04 14:57 . 2010-05-04 14:57 -------- d-----w- c:\documents and settings\CATDIO\Local Settings\Application Data\Apple Computer
2010-05-04 11:30 . 2010-05-04 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AdventureChronicles1
2010-05-04 09:55 . 2010-05-04 09:55 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.179\itstv.exe
2010-05-04 08:41 . 2010-05-04 08:41 -------- d-----w- c:\documents and settings\CATDIO\Application Data\QB9

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 09:40 . 2010-04-29 06:47 -------- d-----w- c:\documents and settings\CATDIO\Application Data\vlc
2010-05-19 06:58 . 2008-10-07 14:32 -------- d-----w- c:\program files\Iomega
2010-05-18 11:35 . 2010-03-14 17:16 -------- d-----w- c:\program files\SpiderMessenger
2010-05-17 06:33 . 2010-04-21 13:40 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Merscom
2010-05-17 06:33 . 2010-04-21 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-05-07 07:47 . 2009-12-30 08:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-07 06:27 . 2008-10-07 14:08 -------- d-----w- c:\program files\Java
2010-05-06 14:11 . 2010-04-20 15:35 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Big Fish Games
2010-05-06 11:50 . 2010-03-12 07:15 -------- d-----w- c:\documents and settings\CATDIO\Application Data\PlayFirst
2010-05-06 11:50 . 2010-03-12 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-05-06 08:00 . 2009-12-30 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2010-04-30 06:16 . 2010-04-30 06:16 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.175\itstv.exe
2010-04-29 15:36 . 2010-04-29 15:36 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Awem
2010-04-29 09:59 . 2010-04-29 09:59 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.174\itstv.exe
2010-04-29 06:41 . 2010-04-29 06:41 -------- d-----w- c:\program files\VideoLAN
2010-04-28 15:03 . 2010-04-28 15:03 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Bigfish 3 Days Zoo Mystery
2010-04-28 13:39 . 2010-04-23 13:53 -------- d-----w- c:\documents and settings\CATDIO\Application Data\LegacyInteractive
2010-04-28 06:04 . 2010-04-28 06:04 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.173\itstv.exe
2010-04-27 10:02 . 2010-04-27 10:02 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.172\itstv.exe
2010-04-26 08:05 . 2010-04-26 08:05 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.171\itstv.exe
2010-04-23 11:58 . 2010-04-23 11:58 -------- d-----w- c:\documents and settings\CATDIO\Application Data\TheFixerUpper
2010-04-23 08:05 . 2010-04-19 15:14 -------- d-----w- c:\documents and settings\CATDIO\Application Data\ERS G-Studio
2010-04-23 06:07 . 2010-04-23 06:07 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.168\itstv.exe
2010-04-22 15:08 . 2010-04-13 08:26 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Artogon
2010-04-22 06:25 . 2010-04-22 06:25 -------- d-----w- c:\documents and settings\CATDIO\Application Data\iMaxGen
2010-04-22 06:08 . 2010-04-22 06:08 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.167\itstv.exe
2010-04-21 11:56 . 2010-04-21 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2010-04-20 14:02 . 2010-04-20 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2010-04-20 12:36 . 2010-04-20 12:36 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Gestalt Games
2010-04-20 08:33 . 2010-04-20 08:33 -------- d-----w- c:\documents and settings\CATDIO\Application Data\LaJangada
2010-04-20 06:08 . 2010-04-20 06:08 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.165\itstv.exe
2010-04-19 10:43 . 2010-04-19 10:43 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.164\itstv.exe
2010-04-16 09:46 . 2010-04-16 09:46 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.161\itstv.exe
2010-04-15 06:07 . 2010-04-15 06:07 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.160\itstv.exe
2010-04-14 08:04 . 2010-04-14 08:04 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.159\itstv.exe
2010-04-13 15:03 . 2010-04-13 15:03 -------- d-----w- c:\documents and settings\CATDIO\Application Data\JoyBits
2010-04-13 13:31 . 2010-04-13 13:31 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Frogwares
2010-04-13 12:17 . 2010-04-13 12:17 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Green Clover Games
2010-04-13 12:17 . 2010-04-13 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Green Clover Games
2010-04-13 10:01 . 2010-04-13 10:01 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.158\itstv.exe
2010-04-13 06:54 . 2010-04-13 06:54 -------- d-----w- c:\documents and settings\CATDIO\Application Data\Silverback Productions
2010-04-13 06:54 . 2010-04-13 06:54 4096 ----a-w- c:\windows\d3dx.dat
2010-04-12 08:26 . 2010-04-12 08:26 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.157\itstv.exe
2010-04-09 06:04 . 2010-04-09 06:04 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.154\itstv.exe
2010-04-08 06:01 . 2010-04-08 06:01 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.153\itstv.exe
2010-04-07 06:12 . 2010-04-07 06:12 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.152\itstv.exe

Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last activity 15 September 2021 582
1 June 2010 at 11:35
Never seen a PC this rotten XD

Download to the desktop
AD-Remover
= Double-click AD-R to install it
= Double-click AD-Remover, the shortcut that has just been created on the desktop
= Run Clean ("Nettoyer")
= At the end of the scan, post the report

mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last activity 2 June 2010
1 June 2010 at 13:26
Unfortunately I didn't choose this PC... :-(
OK, I'll do what you tell me and send you the report, thanks

mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last activity 2 June 2010
1 June 2010 at 13:37
But first, here is the end of the ComboFix report:


Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.152\itstv.exe
2010-04-06 08:03 . 2010-04-06 08:03 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.151\itstv.exe
2010-04-01 08:06 . 2010-04-01 08:06 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.146\itstv.exe
2010-04-01 06:12 . 2010-04-01 06:12 503808 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-559edb9c-n\msvcp71.dll
2010-04-01 06:12 . 2010-04-01 06:12 499712 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-559edb9c-n\jmc.dll
2010-04-01 06:12 . 2010-04-01 06:12 348160 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-559edb9c-n\msvcr71.dll
2010-04-01 06:12 . 2010-04-01 06:12 61440 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3fda6929-n\decora-sse.dll
2010-04-01 06:12 . 2010-04-01 06:12 12800 ----a-w- c:\documents and settings\CATDIO\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3fda6929-n\decora-d3d.dll
2010-03-31 06:33 . 2010-03-31 06:33 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.145\itstv.exe
2010-03-30 06:02 . 2010-03-30 06:02 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.144\itstv.exe
2010-03-29 06:32 . 2010-03-29 06:32 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.143\itstv.exe
2010-03-29 06:31 . 2008-04-14 12:00 78776 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-29 06:31 . 2008-04-14 12:00 478110 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 09:14 . 2010-03-26 09:14 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.140\itstv.exe
2010-03-25 07:06 . 2010-03-25 07:06 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.139\itstv.exe
2010-03-24 15:14 . 2010-03-24 15:14 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.138\itstv.exe
2010-03-17 11:10 . 2010-03-17 11:10 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.131\itstv.exe
2010-03-16 06:59 . 2010-03-16 06:59 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.130\itstv.exe
2010-03-15 01:16 . 2010-03-15 01:16 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.129\itstv.exe
2010-03-13 23:15 . 2010-03-13 23:15 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.128\itstv.exe
2010-03-12 23:15 . 2010-03-12 23:15 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.127\itstv.exe
2010-03-12 07:15 . 2010-03-12 07:15 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.126\itstv.exe
2010-03-11 07:06 . 2010-03-11 07:06 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.125\itstv.exe
2010-03-10 06:58 . 2010-03-10 06:58 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.124\itstv.exe
2010-03-08 07:37 . 2010-03-08 07:37 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.122\itstv.exe
2010-03-04 06:59 . 2010-03-04 06:59 20480 ----a-w- c:\documents and settings\CATDIO\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.120\itstv.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2008-02-08 407368]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Iomega ImIconXP"="c:\program files\Iomega\REV System Software\imiconxp.exe" [2008-01-17 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCopy Scan Inbox Monitor]
2008-01-29 17:01 79112 ----a-w- c:\program files\eCopy\Desktop 9.2\Bin\InboxMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDP2eD]
2008-01-29 16:28 144648 ----a-w- c:\program files\eCopy\Desktop 9.2\Bin\eDP2eD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-08-15 09:13 30003200 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27 570664 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\eCopy\\Desktop 9.2\\Bin\\eCopyDesktop.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [05/01/2007 13:39 30968]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [07/10/2008 15:18 845184]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - XXELQWMG
*Deregistered* - revfs
*Deregistered* - xxelqwmg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
prpuaarl
.
Contenu du dossier 'Tâches planifiées'

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://localhost:5250/spin/ITMClient/ITMClient.csp?product=0&TopLevelTab=0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\CATDIO\Application Data\Mozilla\Firefox\Profiles\7a8we5q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{D37DA2A3-E457-47DA-9B00-320865657F79} - (no file)
HKCU-Run-buamuuz - c:\documents and settings\CATDIO\buamuuz.exe
SafeBoot-bvupgdnd.sys
SafeBoot-slpweqzz.sys
MSConfigStartUp-buamuuz - c:\documents and settings\CATDIO\buamuuz.exe
MSConfigStartUp-M5T8QL3YW3 - c:\docume~1\CATDIO\LOCALS~1\Temp\Wwt.exe
MSConfigStartUp-Ndupubemo - c:\windows\mfetoui.dll
MSConfigStartUp-Windows HDMI Driver - c:\documents and settings\CATDIO\Application Data\HDMIDrv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 08:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1220)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\Iomega\REV System Software\RevUDF.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2010-06-01 08:28:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-01 06:28
ComboFix2.txt 2010-01-27 09:59

Avant-CF: 147 674 255 360 octets libres
Après-CF: 147 562 221 568 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 215F5F041A001D65DBC1D058FEA9746B
0
mymycat71 Posts 6 Registration date Monday 31 May 2010 Status Member Last seen 2 June 2010
2 June 2010 at 07:10
Hello
No, I haven't tried...
Should I try an antivirus other than the one provided by the company???
0
Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last seen 15 September 2021 582
2 June 2010 at 09:06
Please do not interfere.

We continue with ADremover
0
Tigzy Posts 7498 Registration date Monday 15 February 2010 Status Security contributor Last seen 15 September 2021 582
2 June 2010 at 09:07
0