
jude18


  1. jude18

    Slow PC

    Yes, that is what I had done, and afterwards I had removed Chrome when you asked me to. After putting Chrome back, the PC started acting up again, so I installed Mozilla.
  2. jude18

    Slow PC

    Yes, it was Chrome and Avira. I uninstalled Chrome again, but startup still takes 10 minutes, whereas before I put it back it had come back down to about 50 seconds.
  3. jude18

    Slow PC

    Hello, before doing everything you told me most recently, the PC took about 50 seconds to start, and I was really happy to have a normal startup again. I reinstalled Chrome and carried out the steps, and it takes 10 minutes to start again. Now I don't really know what to do anymore.
  4. jude18

    Slow PC

    Hello, I have done everything. ZHPFIX report: http://www.cjoint.com/15ma/ECwxmvifrJf.htm and ZHPCLEANER: http://www.cjoint.com/15ma/ECwxlJR1K8D.htm
  5. jude18

    Slow PC

    Thanks Pear, I will do that tomorrow. Have a good day.
  6. jude18

    Slow PC

    Thanks. I removed Chrome and realized that in my uninstall list in CCleaner there are two programs I cannot remove: the first is called LPT System Updater and the second is Yahoo Community Smartbar; both tell me that the MSI installer is missing. Here is the ZHPDiag report: http://www.cjoint.com/15ma/ECvpWewfpIA.htm
  7. jude18

    Slow PC

    I rebooted my computer, and after logging in it froze, and it has been unresponsive for 15 minutes now...
  8. jude18

    Slow PC

    Thanks. Chrome hung for 45 minutes with a black screen. Here are the reports, zhpfix: http://www.cjoint.com/15ma/ECvowQfwJCo.htm and zhpcleaner: http://www.cjoint.com/15ma/ECvoxvuvPjG.htm
  9. jude18

    Slow PC

    Hello, yesterday I reinstalled AntiVir and there was no change. This morning I reinstalled Chrome, and now as soon as I try to open the application the computer freezes and I can't do anything. This does not happen with IE. I ran a ZHPDiag scan and, surprise, I am still infected!: http://www.cjoint.com/?ECvksy0uMAl
  10. jude18

    Slow PC

    And how? Using F9 to reinstall, it tells me disk access is blocked.
  11. jude18

    Slow PC

    That changed nothing, and I thought I would refresh the PC and back up, but it's impossible: I/O write error for the backup and locked disk for the refresh...
  12. jude18

    Slow PC

    Thank you for your reply. I did all that and now it is worse. Chrome freezes and Internet Explorer does too.
  13. Hello, my PC has been sluggish for 1 week and takes 10 minutes to start, after the ASUS logo and before the login screen. It had been infected, so I used Malwarebytes and ZHPCleaner, but it is still sluggish and freezes. Here is a ZHPDiag report: http://cjoint.com/?ECtmcu8Rs4Z Thank you for your help.
  14. Hello Pear, thank you for your reply. I ran the scan and here is the log:
  15. Bonjour et merci de prendre du temps pour moi , voici le rapport : ComboFix 11-07-20.02 - Julien 20/07/2011 11:30:04.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1077 [GMT 2:00] Lancé depuis: c:\documents and settings\Julien\Bureau\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrateur\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\documents and settings\JUJU\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\documents and settings\Julien\Application Data\Adobe\plugs c:\documents and settings\Julien\Application Data\Adobe\shed c:\documents and settings\Julien\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\documents and settings\Julien\iThmbConv.exe c:\documents and settings\LogMeInRemoteUser\Application Data\Microsoft\Internet Explorer\Desktop.htt c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-20 au 2011-07-20 )))))))))))))))))))))))))))))))))))) . . 2011-07-20 07:42 . 2011-07-20 07:42 -------- d-----w- c:\documents and settings\JUJU\Local Settings\Application Data\Mozilla 2011-07-20 07:41 . 2011-07-20 07:41 -------- d-----w- c:\documents and settings\JUJU\Local Settings\Application Data\LogMeIn 2011-07-19 19:49 . 2011-07-19 19:49 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache 2011-07-19 19:45 . 2011-07-19 19:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2011-07-19 19:45 . 
2011-07-19 19:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-07-19 13:41 . 2011-07-19 13:41 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-07-19 13:41 . 2011-07-19 13:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Minibar 2011-07-19 10:59 . 2011-07-19 13:40 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2011-07-19 09:32 . 2011-07-19 09:32 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Powercinema 2011-07-19 09:32 . 2011-07-19 09:46 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\TVEnhance 2011-07-19 09:32 . 2011-07-19 09:32 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\PlayMovie 2011-07-19 09:31 . 2011-07-19 09:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CyberLink 2011-07-19 09:31 . 2011-07-19 09:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PowerCinema 2011-07-19 09:24 . 2011-07-19 09:24 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache 2011-06-29 23:47 . 2011-06-16 04:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-06-29 23:47 . 2011-06-16 04:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-06-29 23:47 . 2011-06-16 04:38 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-06-29 23:47 . 2011-06-16 04:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-06-29 23:47 . 2011-06-16 04:38 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-06-29 23:47 . 2011-06-16 04:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-06-29 23:47 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-29 23:47 . 
2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-29 21:59 . 2011-06-29 21:59 -------- d-----w- c:\program files\Surf Canyon 2011-06-29 21:44 . 2011-06-29 21:44 -------- d-----w- c:\documents and settings\Julien\Application Data\KC Softwares 2011-06-29 21:42 . 2011-06-29 21:42 -------- d-----w- c:\program files\KC Softwares 2011-06-29 08:44 . 2011-06-29 08:44 -------- d-----w- c:\documents and settings\Julien\Application Data\GlarySoft 2011-06-29 08:34 . 2011-06-29 08:36 -------- d-----w- c:\program files\Glary Utilities 2011-06-25 09:36 . 2011-07-20 07:05 -------- d-----w- c:\program files\ZHPDiag 2011-06-22 11:28 . 2011-06-22 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2011-06-22 08:35 . 2011-06-22 08:35 -------- d-----w- c:\program files\CONEXANT 2011-06-21 11:48 . 2011-06-21 11:48 -------- d-----w- c:\program files\Speccy 2011-06-20 17:58 . 2011-06-20 17:58 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-18 18:26 . 2010-08-26 10:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2011-07-18 18:26 . 2010-08-26 10:42 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2011-07-18 18:26 . 2010-08-26 10:42 29568 ----a-w- c:\windows\system32\LMIport.dll 2011-07-18 18:26 . 2010-08-26 10:42 87424 ----a-w- c:\windows\system32\LMIinit.dll 2011-07-06 17:52 . 2010-08-23 08:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2010-08-23 08:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-18 09:33 . 2010-08-26 10:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2011-06-18 09:33 . 2010-08-26 10:42 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2011-06-06 11:35 . 2006-07-27 01:46 1859072 ----a-w- c:\windows\system32\win32k.sys 2011-05-19 13:00 . 
2011-05-19 13:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-10 06:06 . 2010-08-22 14:22 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 06:06 . 2010-08-22 14:22 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-05-04 15:10 . 2011-05-04 15:10 82432 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\MSXML2\msxml4r.dll 2011-05-04 15:10 . 2011-05-04 15:10 44544 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\MSXML2\msxml4a.dll 2011-05-04 15:10 . 2011-05-04 15:10 1275392 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\MSXML2\msxml4.dll 2011-05-02 15:31 . 2006-07-27 09:02 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2006-07-27 01:46 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2006-07-27 01:46 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2006-07-27 01:47 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-04-26 11:07 . 2006-07-27 01:46 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-25 16:06 . 2006-07-27 01:46 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:06 . 2006-07-27 01:46 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:06 . 2006-07-27 01:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2006-07-27 01:46 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2006-07-27 01:46 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-06-16 04:38 . 2011-06-29 23:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-12-07 3872080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-01 13901824] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-01 86016] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-07-18 18:26 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 12:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinTV Recording Status..lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinTV Recording Status..lnk backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Vuze.lnk] path=c:\documents and settings\Julien\Menu Démarrer\Programmes\Démarrage\Vuze.lnk backup=c:\windows\pss\Vuze.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phone Disk HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-06 10:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 10:48 58656 ----a-w- c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2010-08-17 12:38 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop] 2011-06-07 16:55 1017344 ----a-w- c:\documents and settings\All Users\Application Data\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 17:03 152872 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-10-21 13:02 196608 ------w- c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate] 2011-05-19 13:00 240288 ----a-w- c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-08-22 11:15 136176 ----atw- c:\documents and settings\Julien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent] 2008-10-21 13:02 143360 ------w- c:\program files\CyberLink\PowerCinema\PCMAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2008-09-24 09:34 172032 ------w- c:\program files\CyberLink\PlayMovie\PMVService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RECOVMSG] 2005-09-15 10:49 61440 ----a-w- c:\program files\Sony\VAIO Recovery Utility\VARU.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2008-11-28 00:05 180224 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility] 2005-12-27 11:58 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\WinTV\\WinTV7\\WinTV7.exe"= "c:\\Program Files\\CyberLink\\TV Enhance\\TVEnhance.exe"= "c:\\Program Files\\CyberLink\\TV Enhance\\TVEService.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\crazyloader.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/09/2010 11:06 691696] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [22/08/2010 16:50 61424] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/08/2010 09:36 136360] R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [05/07/2010 14:39 84608] R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [05/07/2010 14:39 22016] R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [22/08/2010 16:27 602624] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [15/07/2011 15:17 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/2010 12:22 12856] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [22/08/2010 16:51 372831] R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [22/08/2010 16:51 184413] R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [22/08/2010 15:59 673664] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [18/05/2010 16:54 13408] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [27/07/2006 03:47 30080] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [27/07/2006 03:47 226304] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/09/2010 15:30 251248] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/08/2010 10:36 
41272] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [27/07/2006 03:46 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contenu du dossier 'Tâches planifiées' . 2011-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2011-07-20 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-06-29 06:25] . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1002157844-932473975-2733897562-1006Core.job - c:\documents and settings\Julien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 11:15] . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1002157844-932473975-2733897562-1006UA.job - c:\documents and settings\Julien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 11:15] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.club-vaio.com/fr/ uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\documents and settings\Julien\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\6j42v6nf.default\ FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p= . - - - - ORPHELINS SUPPRIMES - - - - . MSConfigStartUp-VAIO Update 2 - c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-20 11:49 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 Disk: FUJITSU_MHV2160BT rev.00000014 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e . device: opened successfully user: MBR read successfully error: Read Un périphérique attaché au système ne fonctionne pas correctement. kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x89D4F31B user & kernel MBR OK . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ad,95,00,2d,b1,f3,48,87,ea,03,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,ad,95,00,2d,b1,f3,48,87,ea,03,\ . [HKEY_LOCAL_MACHINE\software\Classes\.*I61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*P7] @Class="REG_SZ" . 
[HKEY_LOCAL_MACHINE\software\Classes\.*FAX*EXF*EMFPX*FAX*EXFTS*FPX*FAGIF*FTS*FPI61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*MAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*RAD*PWP*PSRAS*RAD*PWRGB*RAS*RASCT*RGB*RASFW*SCT*RGSGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*RAS*RAD*PWRGB*RAS*RASCT*RGB*RASFW*SCT*RGSGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PBM*P7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*WBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*XBM*WPG*WMXCF*XBM*WPXPM*XCF*XBXWD*XPM*XCYUV*XWD*XP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*DCM*CUT*CUDCX*DCM*CUDIB*DCX*DCEMF*DIB*DCEXF*EMF*DIFAX*EXF*EMFPX*FAX*EXFTS*FPX*FAGIF*FTS*FPI61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*DCX*DCM*CUDIB*DCX*DCEMF*DIB*DCEXF*EMF*DIFAX*EXF*EMFPX*FAX*EXFTS*FPX*FAGIF*FTS*FPI61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*ICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PCD*PBM*P7PCT*PCD*PBPCX*PCT*PCPDB*PCX*PCPDD*PDB*PCPGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PCT*PCD*PBPCX*PCT*PCPDB*PCX*PCPDD*PDB*PCPGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . 
[HKEY_LOCAL_MACHINE\software\Classes\.*PCX*PCT*PCPDB*PCX*PCPDD*PDB*PCPGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*SCT*RGB*RASFW*SCT*RGSGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*XCF*XBM*WPXPM*XCF*XBXWD*XPM*XCYUV*XWD*XP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PDB*PCX*PCPDD*PDB*PCPGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PDD*PDB*PCPGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*VDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*JFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*SFW*SCT*RGSGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*PGM*PDD*PDPIX*PGM*PDPM] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*RGB*RAS*RASCT*RGB*RASFW*SCT*RGSGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*SGI*SFW*SCSUN*SGI*SFTGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*TGA*SUN*SGTIF*TGA*SUTIM*TIF*TGVDA*TIM*TIVID*VDA*TIVIF*VID*VDWBMP] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*DIB*DCX*DCEMF*DIB*DCEXF*EMF*DIFAX*EXF*EMFPX*FAX*EXFTS*FPX*FAGIF*FTS*FPI61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . [HKEY_LOCAL_MACHINE\software\Classes\.*GIF*FTS*FPI61*GIF*FTICO*I61*GIJFF*ICO*I6JP2*JFF*ICJPC*JP2*JFJPG*JPC*JPJPS*JPG*JPMAT*JPS*JPMIF*MAT*JPMNG*MIF*MAMTV*MNG*MIMVG*MTV*MNP7] @Class="REG_SZ" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\LMIinit.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\progra~1\WinTV\TVServer\CAPTUR~4.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Heure de fin: 2011-07-20 11:58:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-07-20 09:58
.
Avant-CF: 15 604 977 664 octets libres
Après-CF: 15 939 067 904 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2E878E9C24B708206C1449517196CB73