gwen44

Everything posted by gwen44

  1. Do you think it's over? If so, do I uninstall everything (combo, etc.)? Should I keep Wanadoo's firewall at 5 euros per month? If everything is fine, thank you very much for your help and your efficiency. I'd be glad to buy you a round either in Bas-Pouldu or on my home side near Guidel Plage. Thanks again, ken@vo, gwen
  2. pear, here is the new report: ComboFix 10-04-27.02 - gwen 03/05/2010 16:06:17.6.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.629 [GMT 2:00] Lancé depuis: c:\documents and settings\gwen\Mes documents\combo.exe Commutateurs utilisés :: c:\documents and settings\gwen\Bureau\CFScript.txt.txt AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4} FILE :: "c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe" "c:\windows\system32\GameMon.des -service" . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-03 au 2010-05-03 )))))))))))))))))))))))))))))))))))) . 2010-05-02 16:40 . 2010-05-02 16:51 -------- d-----w- C:\combo8623c 2010-04-29 11:32 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 11:32 . 2010-04-29 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 11:32 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 17:09 . 2010-04-28 17:10 -------- d-----w- C:\combo 2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\gwen\Application Data\Malwarebytes 2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-26 13:41 . 2010-04-26 13:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-23 18:06 . 2010-04-23 18:06 -------- d-----w- c:\program files\Trend Micro 2010-04-23 12:07 . 2010-04-23 12:07 -------- d-----w- c:\program files\Sophos 2010-04-22 11:10 . 2010-04-29 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-22 11:10 . 2010-04-29 12:42 -------- d-----w- c:\documents and settings\gwen\Local Settings\Application Data\avG . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-03 14:50 . 2006-10-11 14:15 -------- d-----w- c:\program files\Wanadoo 2010-05-03 13:57 . 2006-10-11 14:53 -------- d-----w- c:\program files\AntivirusFirewall 2010-05-03 13:56 . 2007-05-27 17:53 -------- d-----w- c:\documents and settings\gwen\Application Data\DNA 2010-04-27 19:58 . 2007-01-10 15:55 -------- d-----w- c:\program files\Google 2010-04-27 19:48 . 2009-06-16 15:10 -------- d-----w- c:\program files\LimeWire 2010-04-27 19:48 . 2010-03-31 11:27 -------- d-----w- c:\program files\eMule 2010-04-26 13:40 . 2010-04-21 18:18 16 ----a-w- c:\documents and settings\NetworkService\Application Data\kcmdte.dat 2010-04-25 12:48 . 2002-08-29 01:27 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2010-04-20 22:00 . 2009-01-24 23:00 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-06 11:19 . 2008-09-09 14:44 -------- d-----w- c:\documents and settings\gwen\Application Data\dvdcss 2010-04-05 15:33 . 2009-09-01 15:48 -------- d-----w- c:\documents and settings\gwen\Application Data\U3 2010-03-30 17:50 . 2006-10-29 16:20 -------- d-----w- c:\program files\Fichiers communs\Java 2010-03-30 17:50 . 2010-03-30 17:50 503808 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcp71.dll 2010-03-30 17:50 . 2010-03-30 17:50 499712 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\jmc.dll 2010-03-30 17:50 . 2010-03-30 17:50 348160 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcr71.dll 2010-03-30 17:50 . 2010-03-30 17:50 12800 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-d3d.dll 2010-03-30 17:50 . 
2010-03-30 17:50 61440 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-sse.dll 2010-03-30 17:49 . 2006-10-29 16:20 -------- d-----w- c:\program files\Java 2010-03-30 17:48 . 2004-08-02 15:29 550568 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-30 17:48 . 2004-08-02 15:29 104342 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-10 06:16 . 2002-02-26 12:58 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-09 02:28 . 2009-02-10 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-02-25 06:17 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-02 15:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 11:29 . 2005-03-21 13:38 128472 ----a-w- c:\documents and settings\gwen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-20 11:43 . 2005-03-28 18:08 10902 ----a-w- c:\documents and settings\gwen\Application Data\wklnhst.dat 2010-02-16 19:06 . 2002-08-29 11:42 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:06 . 2002-08-29 11:42 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 10:03 . 2010-03-03 07:02 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 04:34 . 2006-08-16 12:16 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-06-30 14:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2006-11-14 19:13 . 2006-11-14 19:17 774144 ----a-w- c:\program files\RngInterstitial.dll 2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB 2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w- c:\program files\BDANT.cab 2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab 2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab 2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w- c:\program files\BDA.cab 2004-07-09 02:08 . 
2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe 2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll 2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}" [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2008-09-01 13:31 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "DNA"="c:\program files\BitTorrent_DNA\dna.exe" [2007-05-27 216064] "msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936] "F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-02-06 114688] "Cmaudio"="cmicnfg.cpl" 
[2004-01-07 2453504] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2008-09-01 1111064] "NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-01 2079256] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-23 19:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor] 2003-06-18 09:57 466944 ----a-w- c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 12:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2007-03-28 00:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Wallpaper] 2006-05-22 18:17 208896 ----a-w- c:\program files\theme bureau\Wallpaper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Boonty Games"=3 (0x3) "Apple Mobile Device"=2 (0x2) "Nero BackItUp Scheduler 3"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"= "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"= "c:\\Program Files\\BitTorrent_DNA\\dna.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4662:TCP"= 4662:TCP:emule "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21/04/2009 17:26 33920] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/10/2006 16:56 79872] R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [02/08/2004 15:53 43512] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [21/04/2009 17:25 67808] R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [02/08/2004 15:53 5088] R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [01/09/2008 15:31 108568] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/10/2006 16:55 
111296] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [21/04/2009 17:25 55904] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A8.tmp --> c:\windows\system32\2A8.tmp [?] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/10/2006 16:55 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/10/2006 16:55 25184] . Contenu du dossier 'Tâches planifiées' 2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57] 2010-04-29 c:\windows\Tasks\NeroLiveEpgUpdate-SY4PUNF16_gwen.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59] 2010-05-03 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2006-10-11 13:57] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://king.orange.fr/ctl/kingcomie.cab DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} - hxxp://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - hxxp://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/bejeweled_2/Popcap.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-03 16:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2A8.tmp" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\SecuROM\License information*] "datasecu"=hex:ee,b0,3e,48,43,96,cb,16,7d,87,a8,e2,77,c5,1c,3d,fd,2a,52,dc,7e, a3,16,06,6a,8a,21,dc,d5,ba,96,8d,20,da,5f,6e,4a,57,29,8f,0d,f9,05,2c,19,88,\ "rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll - - - - - - - > 'lsass.exe'(736) c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll - - - - - - - > 'explorer.exe'(3848) c:\program files\Nero\Nero 9\InCD\NBHshx.dll c:\program files\Nero\Nero 9\InCD\NBHStr.dll c:\program files\Fichiers communs\Nero\AdvrCntr4\AdvrCntr4.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll - - - - - - - > 'csrss.exe'(656) c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\AntivirusFirewall\Anti-Virus\fsgk32st.exe c:\program files\AntivirusFirewall\Anti-Virus\FSGK32.EXE c:\program files\AntivirusFirewall\Common\FSMA32.EXE c:\windows\System32\FTRTSVC.exe c:\program files\AntivirusFirewall\Common\FSMB32.EXE c:\program files\Nero\Nero 9\InCD\InCDSrv.exe c:\program files\AntivirusFirewall\Common\FCH32.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\AntivirusFirewall\Common\FAMEH32.EXE c:\program files\AntivirusFirewall\Anti-Virus\fsqh.exe c:\windows\System32\HPZipm12.exe c:\windows\system32\wscntfy.exe c:\program files\AntivirusFirewall\FSAUA\program\fsaua.exe c:\program files\AntivirusFirewall\Anti-Virus\fssm32.exe c:\program files\AntivirusFirewall\FWES\Program\fsdfwd.exe c:\windows\System32\wbem\wmiapsrv.exe c:\program files\AntivirusFirewall\FSAUA\program\fsus.exe c:\windows\AGRSMMSG.exe c:\progra~1\Wanadoo\TaskBarIcon.exe c:\program files\AntivirusFirewall\FSGUI\fsguidll.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\AntivirusFirewall\Anti-Virus\fsav32.exe . ************************************************************************** . Heure de fin: 2010-05-03 16:56:26 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-03 14:56 ComboFix2.txt 2010-05-02 17:54 ComboFix3.txt 2010-05-02 16:51 ComboFix4.txt 2010-04-28 18:32 ComboFix5.txt 2010-05-03 14:04 Avant-CF: 69 512 089 600 octets libres Après-CF: 69 506 367 488 octets libres - - End Of File - - 046E9B2CCB4B6B2D264782DDE5248FDC
  3. Hello, you're not reassuring me. I wonder whether I'm doing the right thing from the start: should I paste your lines after the combo report and drag that, or create a notepad file with only your lines: [HKLM\~\startupfolder\C:^Documents and Settings^gwen^Menu Démarrer^Programmes^Démarrage^monxga32.exe] path=c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe backup=c:\windows\pss\monxga32.exeStartup [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" Waiting for your reply before doing anything. gwen
  4. Here is the mbam report: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 4050 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/05/2010 20:37:17 mbam-log-2010-05-02 (20-37-17).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|) Elément(s) analysé(s): 203015 Temps écoulé: 38 minute(s), 30 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  5. Hello pear, here is the combo log: ComboFix 10-04-27.02 - gwen 02/05/2010 19:46:33.5.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.598 [GMT 2:00] Lancé depuis: c:\documents and settings\gwen\Mes documents\combo.exe Commutateurs utilisés :: c:\documents and settings\gwen\Bureau\CFScript.txt.lnk AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-02 au 2010-05-02 )))))))))))))))))))))))))))))))))))) . 2010-05-02 16:40 . 2010-05-02 16:51 -------- d-----w- C:\combo8623c 2010-04-29 11:32 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 11:32 . 2010-04-29 11:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 11:32 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 17:09 . 2010-04-28 17:10 -------- d-----w- C:\combo 2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\gwen\Application Data\Malwarebytes 2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-26 13:41 . 2010-04-26 13:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-04-23 18:06 . 2010-04-23 18:06 -------- d-----w- c:\program files\Trend Micro 2010-04-23 12:07 . 2010-04-23 12:07 -------- d-----w- c:\program files\Sophos 2010-04-22 11:10 . 2010-04-29 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avG 2010-04-22 11:10 . 2010-04-29 12:42 -------- d-----w- c:\documents and settings\gwen\Local Settings\Application Data\avG . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-02 17:21 . 2006-10-11 14:53 -------- d-----w- c:\program files\AntivirusFirewall 2010-05-02 17:15 . 
2006-10-11 14:15 -------- d-----w- c:\program files\Wanadoo 2010-05-02 16:37 . 2007-05-27 17:53 -------- d-----w- c:\documents and settings\gwen\Application Data\DNA 2010-04-27 19:58 . 2007-01-10 15:55 -------- d-----w- c:\program files\Google 2010-04-27 19:48 . 2009-06-16 15:10 -------- d-----w- c:\program files\LimeWire 2010-04-27 19:48 . 2010-03-31 11:27 -------- d-----w- c:\program files\eMule 2010-04-26 13:40 . 2010-04-21 18:18 16 ----a-w- c:\documents and settings\NetworkService\Application Data\kcmdte.dat 2010-04-25 12:48 . 2002-08-29 01:27 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2010-04-20 22:00 . 2009-01-24 23:00 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-06 11:19 . 2008-09-09 14:44 -------- d-----w- c:\documents and settings\gwen\Application Data\dvdcss 2010-04-05 15:33 . 2009-09-01 15:48 -------- d-----w- c:\documents and settings\gwen\Application Data\U3 2010-03-30 17:50 . 2006-10-29 16:20 -------- d-----w- c:\program files\Fichiers communs\Java 2010-03-30 17:50 . 2010-03-30 17:50 503808 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcp71.dll 2010-03-30 17:50 . 2010-03-30 17:50 499712 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\jmc.dll 2010-03-30 17:50 . 2010-03-30 17:50 348160 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcr71.dll 2010-03-30 17:50 . 2010-03-30 17:50 12800 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-d3d.dll 2010-03-30 17:50 . 2010-03-30 17:50 61440 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-sse.dll 2010-03-30 17:49 . 2006-10-29 16:20 -------- d-----w- c:\program files\Java 2010-03-30 17:48 . 
2004-08-02 15:29 550568 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-30 17:48 . 2004-08-02 15:29 104342 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-10 06:16 . 2002-02-26 12:58 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-09 02:28 . 2009-02-10 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-04 12:20 . 2004-08-10 15:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-02-25 06:17 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-02 15:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 11:29 . 2005-03-21 13:38 128472 ----a-w- c:\documents and settings\gwen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-20 11:43 . 2005-03-28 18:08 10902 ----a-w- c:\documents and settings\gwen\Application Data\wklnhst.dat 2010-02-16 19:06 . 2002-08-29 11:42 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:06 . 2002-08-29 11:42 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 10:03 . 2010-03-03 07:02 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 04:34 . 2006-08-16 12:16 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2003-06-30 14:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2006-11-14 19:13 . 2006-11-14 19:17 774144 ----a-w- c:\program files\RngInterstitial.dll 2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB 2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w- c:\program files\BDANT.cab 2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab 2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab 2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w- c:\program files\BDA.cab 2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe 2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll 2004-07-09 01:03 . 
2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll . ((((((((((((((((((((((((((((( SnapShot@2010-04-28_16.17.03 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-02 15:56 . 2010-05-02 15:56 16384 c:\windows\Temp\Perflib_Perfdata_4d0.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}" [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2008-09-01 13:31 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "DNA"="c:\program files\BitTorrent_DNA\dna.exe" [2007-05-27 216064] "msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936] "F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-02-06 
114688] "Cmaudio"="cmicnfg.cpl" [2004-01-07 2453504] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2008-09-01 1111064] "NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-01 2079256] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728] [HKLM\~\startupfolder\C:^Documents and Settings^gwen^Menu Démarrer^Programmes^Démarrage^monxga32.exe] path=c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe backup=c:\windows\pss\monxga32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-23 19:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor] 2003-06-18 09:57 466944 ----a-w- c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 12:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 00:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]
2006-05-22 18:17 208896 ----a-w- c:\program files\theme bureau\Wallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21/04/2009 17:26 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/10/2006 16:56 79872]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [02/08/2004 15:53 43512]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [21/04/2009 17:25 67808]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [02/08/2004 15:53 5088]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [01/09/2008 15:31 108568]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/10/2006 16:55 111296]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [21/04/2009 17:25 55904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A8.tmp --> c:\windows\system32\2A8.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/10/2006 16:55 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/10/2006 16:55 25184]
.
Contenu du dossier 'Tâches planifiées'

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-04-29 c:\windows\Tasks\NeroLiveEpgUpdate-SY4PUNF16_gwen.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59]

2010-05-02 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2006-10-11 13:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://king.orange.fr/ctl/kingcomie.cab
DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} - hxxp://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - hxxp://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/bejeweled_2/Popcap.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 19:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\SecuROM\License information*]
"datasecu"=hex:ee,b0,3e,48,43,96,cb,16,7d,87,a8,e2,77,c5,1c,3d,fd,2a,52,dc,7e,
a3,16,06,6a,8a,21,dc,d5,ba,96,8d,20,da,5f,6e,4a,57,29,8f,0d,f9,05,2c,19,88,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(2292)
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
c:\program files\Nero\Nero 9\InCD\NBHStr.dll
c:\program files\Fichiers communs\Nero\AdvrCntr4\AdvrCntr4.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Fichiers communs\Nero\SMC\NeroDigitalExt.dll

- - - - - - - > 'csrss.exe'(652)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
.
Heure de fin: 2010-05-02 19:54:16
ComboFix-quarantined-files.txt 2010-05-02 17:54
ComboFix2.txt 2010-05-02 16:51
ComboFix3.txt 2010-04-28 18:32
ComboFix4.txt 2010-04-28 16:19
ComboFix5.txt 2010-05-02 17:45

Avant-CF: 69 555 449 856 octets libres
Après-CF: 69 539 155 968 octets libres

- - End Of File - - A879782EF44020C0C07365F35429748D

I'm getting the MBAM scan ready. Thanks.
6. Hello pear, I didn't think you would reply so soon, otherwise I would have done it this afternoon. I'm going away for the weekend until Sunday; I'll get back to my computer tasks on Sunday. Have a good weekend. ken@vo
7. Hello pear, before leaving for work I'm sending you last night's report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 30, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 29, 2010 18:39:11
Records in database: 4003689
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Objects scanned: 92205
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:51:28

File name / Threat / Threats count
C:\Program Files\FenAffiche\FENUNIKA.0XE Infected: Trojan.Win32.VB.fhg 1
C:\WINDOWS\pss\monxga32.exeStartup Infected: Packed.Win32.Krap.ar 1

Selected area has been scanned.

Have a good day, gwen
8. Here is the log report after quarantining. gwen

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 4050

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/04/2010 14:42:31
mbam-log-2010-04-29 (14-42-31).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Elément(s) analysé(s): 210212
Temps écoulé: 47 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 39

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\24817022 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Local Settings\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\gwen\Modèles\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\avG\av.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\avG\ave.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\avG\MSASCui.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\av.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe.vir (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP952\A0157058.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158078.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158080.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158081.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158082.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158181.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP953\A0158184.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP955\A0159319.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP955\A0159320.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP955\A0159321.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP955\A0159322.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159683.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159684.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159685.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159686.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159687.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159688.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D03123D-7E8A-4053-9FB0-C703F15DE4C4}\RP956\A0159689.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
9. Sorry pear, but I work nights until noon, so we'll always be out of sync. I'll try to post the MBAM report in the next post. gwen
10. Sorry pear, a beginner's mistake: I had really misnamed the Notepad file. Here is the report it produced:

ComboFix 10-04-27.02 - gwen 28/04/2010 20:24:17.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.541 [GMT 2:00]
Lancé depuis: c:\documents and settings\gwen\Mes documents\combo.exe
Commutateurs utilisés :: c:\documents and settings\gwen\Bureau\CFScript.txt.lnk
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-28 au 2010-04-28 ))))))))))))))))))))))))))))))))))))
.
2010-04-28 17:09 . 2010-04-28 17:10 -------- d-----w- C:\combo
2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\gwen\Application Data\Malwarebytes
2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-26 13:41 . 2010-04-26 13:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-26 13:41 . 2010-04-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\24817022
2010-04-23 18:06 . 2010-04-23 18:06 -------- d-----w- c:\program files\Trend Micro
2010-04-23 12:07 . 2010-04-23 12:07 -------- d-----w- c:\program files\Sophos
2010-04-22 11:10 . 2010-04-25 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\avG\vma.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\avG\ave.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe
2010-04-22 11:10 . 2010-04-28 12:35 -------- d-----w- c:\documents and settings\gwen\Local Settings\Application Data\avG
2010-03-31 11:27 . 2010-04-27 19:48 -------- d-----w- c:\program files\eMule
2010-03-30 17:50 . 2010-03-30 17:50 503808 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcp71.dll
2010-03-30 17:50 . 2010-03-30 17:50 499712 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\jmc.dll
2010-03-30 17:50 . 2010-03-30 17:50 348160 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcr71.dll
2010-03-30 17:50 . 2010-03-30 17:50 12800 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-d3d.dll
2010-03-30 17:50 . 2010-03-30 17:50 61440 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-sse.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 18:22 . 2006-10-11 14:15 -------- d-----w- c:\program files\Wanadoo
2010-04-28 16:05 . 2007-05-27 17:53 -------- d-----w- c:\documents and settings\gwen\Application Data\DNA
2010-04-28 14:44 . 2006-10-11 14:53 -------- d-----w- c:\program files\AntivirusFirewall
2010-04-27 19:58 . 2007-01-10 15:55 -------- d-----w- c:\program files\Google
2010-04-27 19:48 . 2009-06-16 15:10 -------- d-----w- c:\program files\LimeWire
2010-04-26 13:40 . 2010-04-21 18:18 16 ----a-w- c:\documents and settings\NetworkService\Application Data\kcmdte.dat
2010-04-25 12:48 . 2002-08-29 01:27 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-20 22:00 . 2009-01-24 23:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 11:19 . 2008-09-09 14:44 -------- d-----w- c:\documents and settings\gwen\Application Data\dvdcss
2010-04-05 15:33 . 2009-09-01 15:48 -------- d-----w- c:\documents and settings\gwen\Application Data\U3
2010-03-30 17:50 . 2006-10-29 16:20 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-30 17:49 . 2006-10-29 16:20 -------- d-----w- c:\program files\Java
2010-03-30 17:48 . 2004-08-02 15:29 550568 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-30 17:48 . 2004-08-02 15:29 104342 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-10 06:16 . 2002-02-26 12:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-02-10 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 12:20 . 2004-08-10 15:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-02-25 06:17 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-02 15:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 11:29 . 2005-03-21 13:38 128472 ----a-w- c:\documents and settings\gwen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 11:43 . 2005-03-28 18:08 10902 ----a-w- c:\documents and settings\gwen\Application Data\wklnhst.dat
2010-02-16 19:06 . 2002-08-29 11:42 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2002-08-29 11:42 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-03 07:02 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-08-16 12:16 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 14:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-11-14 19:13 . 2006-11-14 19:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-01 13:31 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"DNA"="c:\program files\BitTorrent_DNA\dna.exe" [2007-05-27 216064]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-02-06 114688]
"Cmaudio"="cmicnfg.cpl" [2004-01-07 2453504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2008-09-01 1111064]
"NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-01 2079256]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^gwen^Menu Démarrer^Programmes^Démarrage^monxga32.exe]
path=c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe
backup=c:\windows\pss\monxga32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-23 19:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor]
2003-06-18 09:57 466944 ----a-w- c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 12:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-03-28 00:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]
2006-05-22 18:17 208896 ----a-w- c:\program files\theme bureau\Wallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21/04/2009 17:26 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/10/2006 16:56 79872]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [02/08/2004 15:53 43512]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [21/04/2009 17:25 67808]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [02/08/2004 15:53 5088]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [01/09/2008 15:31 108568]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/10/2006 16:55 111296]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [21/04/2009 17:25 55904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A8.tmp --> c:\windows\system32\2A8.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/10/2006 16:55 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/10/2006 16:55 25184]
.
Contenu du dossier 'Tâches planifiées'

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-04-20 c:\windows\Tasks\NeroLiveEpgUpdate-SY4PUNF16_gwen.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59]

2010-04-28 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2006-10-11 13:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://king.orange.fr/ctl/kingcomie.cab
DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} - hxxp://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - hxxp://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/bejeweled_2/Popcap.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 20:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\SecuROM\License information*]
"datasecu"=hex:ee,b0,3e,48,43,96,cb,16,7d,87,a8,e2,77,c5,1c,3d,fd,2a,52,dc,7e,
a3,16,06,6a,8a,21,dc,d5,ba,96,8d,20,da,5f,6e,4a,57,29,8f,0d,f9,05,2c,19,88,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(1656)
c:\program files\Nero\Nero 9\InCD\NBHshx.dll
c:\program files\Nero\Nero 9\InCD\NBHStr.dll
c:\program files\Fichiers communs\Nero\AdvrCntr4\AdvrCntr4.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(648)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
.
Heure de fin: 2010-04-28 20:32:20
ComboFix-quarantined-files.txt 2010-04-28 18:32
ComboFix2.txt 2010-04-28 16:19
ComboFix3.txt 2010-04-28 12:54

Avant-CF: 64 626 761 728 octets libres
Après-CF: 64 638 341 120 octets libres

- - End Of File - - DA43E1EFCBAD16950D5A94B83E05908A

Should I run MBAM now, or can I do it tomorrow?
11. pear, I'm stuck on your procedure. I had to type killall, driver and file myself; the rest I saved in a Notepad file named CFScript.txt. However, when I drag it onto combo it gives me a message saying it is badly written, and the scan stops. What should I do?

killAll:: (typed by me)
DRiver:: (typed by me)
npggsvc
File:: (typed by me)
c:\windows\system32\GameMon.des -service
c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe
c:\windows\pss\monxga32.exeStartup
Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^gwen^Menu Démarrer^Programmes^Démarrage^monxga32.exe]

Sorry, but I don't have a screenshot.
12. Hello pear, despite the recurring internet outages I think I managed the procedure you asked for. Here is the combo report:

ComboFix 10-04-27.02 - gwen 28/04/2010 14:30:53.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.506 [GMT 2:00]
Lancé depuis: c:\documents and settings\gwen\Mes documents\combo.exe
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\gwen\Application Data\avdrn.dat
c:\documents and settings\gwen\Application Data\inst.exe
c:\documents and settings\gwen\Favoris\install_messenger.exe
c:\documents and settings\gwen\Local Settings\Application Data\avG\av.exe
c:\documents and settings\gwen\Local Settings\Application Data\avG\ave.exe
c:\documents and settings\gwen\Local Settings\Application Data\avG\MSASCui.exe
c:\documents and settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\av.exe
c:\documents and settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe
c:\documents and settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe
c:\documents and settings\gwen\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe
c:\documents and settings\gwen\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\recycler\S-1-5-21-110870006-1231692717-3435882805-1003
c:\recycler\S-1-5-21-3267489492-3226912068-3316806218-1003
c:\recycler\S-1-5-21-3859312975-370622804-4263127064-1003
c:\recycler\S-1-5-21-436374069-884357618-682003330-1003
c:\recycler\S-1-5-21-766318617-162857430-3197171974-1003
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dxsetup.exe
c:\windows\system32\Packet.dll
c:\windows\system32\qjdedippz.dat
c:\windows\system32\qjdedippz_navps.dat
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-28 au 2010-04-28 ))))))))))))))))))))))))))))))))))))
.
2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\gwen\Application Data\Malwarebytes
2010-04-27 15:07 . 2010-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-26 13:41 . 2010-04-26 13:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-26 13:41 . 2010-04-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\24817022
2010-04-23 18:06 . 2010-04-23 18:06 -------- d-----w- c:\program files\Trend Micro
2010-04-23 12:07 . 2010-04-23 12:07 -------- d-----w- c:\program files\Sophos
2010-04-22 11:10 . 2010-04-25 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\avG\vma.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\avG\ave.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe
2010-04-22 11:10 . 2010-04-22 11:10 226304 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\av.exe
2010-04-22 11:10 . 2010-04-28 12:35 -------- d-----w- c:\documents and settings\gwen\Local Settings\Application Data\avG
2010-03-31 11:27 . 2010-04-27 19:48 -------- d-----w- c:\program files\eMule
2010-03-30 17:50 . 2010-03-30 17:50 503808 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcp71.dll
2010-03-30 17:50 . 2010-03-30 17:50 499712 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\jmc.dll
2010-03-30 17:50 . 2010-03-30 17:50 348160 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a46b8ee-n\msvcr71.dll
2010-03-30 17:50 . 2010-03-30 17:50 12800 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-d3d.dll
2010-03-30 17:50 . 2010-03-30 17:50 61440 ----a-w- c:\documents and settings\gwen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15e9c602-n\decora-sse.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 12:49 . 2006-10-11 14:15 -------- d-----w- c:\program files\Wanadoo
2010-04-28 12:26 . 2007-05-27 17:53 -------- d-----w- c:\documents and settings\gwen\Application Data\DNA
2010-04-28 10:53 . 2006-10-11 14:53 -------- d-----w- c:\program files\AntivirusFirewall
2010-04-27 19:58 . 2007-01-10 15:55 -------- d-----w- c:\program files\Google
2010-04-27 19:48 . 2009-06-16 15:10 -------- d-----w- c:\program files\LimeWire
2010-04-26 13:40 . 2010-04-21 18:18 16 ----a-w- c:\documents and settings\NetworkService\Application Data\kcmdte.dat
2010-04-25 12:48 . 2002-08-29 01:27 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-20 22:00 . 2009-01-24 23:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 11:19 . 2008-09-09 14:44 -------- d-----w- c:\documents and settings\gwen\Application Data\dvdcss
2010-04-05 15:33 . 2009-09-01 15:48 -------- d-----w- c:\documents and settings\gwen\Application Data\U3
2010-03-30 17:50 . 2006-10-29 16:20 -------- d-----w- c:\program files\Fichiers communs\Java
2010-03-30 17:49 . 2006-10-29 16:20 -------- d-----w- c:\program files\Java
2010-03-30 17:48 . 2004-08-02 15:29 550568 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-30 17:48 . 2004-08-02 15:29 104342 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-10 06:16 . 2002-02-26 12:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-02-10 12:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 12:20 . 2004-08-10 15:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-02-25 06:17 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-02 15:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 11:29 . 2005-03-21 13:38 128472 ----a-w- c:\documents and settings\gwen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 11:43 . 2005-03-28 18:08 10902 ----a-w- c:\documents and settings\gwen\Application Data\wklnhst.dat
2010-02-16 19:06 . 2002-08-29 11:42 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2002-08-29 11:42 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-03 07:02 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-08-16 12:16 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 14:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-11-14 19:13 . 2006-11-14 19:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 .
2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll 2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}" [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2008-09-01 13:31 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "DNA"="c:\program files\BitTorrent_DNA\dna.exe" [2007-05-27 216064] "msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768] "F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936] "F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-02-06 114688] "Cmaudio"="cmicnfg.cpl" [2004-01-07 2453504] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 
221184] "InCD"="c:\program files\Nero\Nero 9\InCD\InCD.exe" [2008-09-01 1111064] "NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-01 2079256] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728] [HKLM\~\startupfolder\C:^Documents and Settings^gwen^Menu Démarrer^Programmes^Démarrage^monxga32.exe] path=c:\documents and settings\gwen\Menu Démarrer\Programmes\Démarrage\monxga32.exe backup=c:\windows\pss\monxga32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-23 19:33 57344 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disk Monitor] 2003-06-18 09:57 466944 ----a-w- c:\program files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 12:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2007-03-28 00:07 593920 ----a-r- c:\program 
files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper] 2006-05-22 18:17 208896 ----a-w- c:\program files\theme bureau\Wallpaper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Boonty Games"=3 (0x3) "Apple Mobile Device"=2 (0x2) "Nero BackItUp Scheduler 3"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"= "c:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"= "c:\\Program Files\\BitTorrent_DNA\\dna.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4662:TCP"= 4662:TCP:emule "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21/04/2009 17:26 33920] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/10/2006 16:56 79872] R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [02/08/2004 15:53 43512] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [21/04/2009 17:25 67808] R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [02/08/2004 15:53 5088] R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [01/09/2008 15:31 108568] R3 
F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/10/2006 16:55 111296] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [21/04/2009 17:25 55904] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A8.tmp --> c:\windows\system32\2A8.tmp [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/10/2006 16:55 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/10/2006 16:55 25184] . Contenu du dossier 'Tâches planifiées' 2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57] 2010-04-20 c:\windows\Tasks\NeroLiveEpgUpdate-SY4PUNF16_gwen.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59] 2010-04-28 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2006-10-11 13:57] . .la suite postée la suite ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://king.orange.fr/ctl/kingcomie.cab DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} - hxxp://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - hxxp://jeuxentelechargement.orange.fr/orange2.0/OnlineHSS/bejeweled_2/Popcap.cab . 
- - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file) HKLM-Run-fenaffiche - c:\program files\FenAffiche\FenUnika.exe HKLM-Run-farstone - (no file) HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe MSConfigStartUp-a-squared Anti-Dialer - c:\program files\a-squared Anti-Dialer\a2adguard.exe MSConfigStartUp-ares - c:\program files\Ares\Ares.exe MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe MSConfigStartUp-InstantTray - c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe MSConfigStartUp-IW_Drop_Icon - c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe MSConfigStartUp-NeroFilterCheck - c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe MSConfigStartUp-qjdedippz - c:\windows\system32\qjdedippz.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe MSConfigStartUp-syncman - c:\documents and settings\gwen\wuaucldt.exe MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-28 14:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2A8.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-2865554567-2968331276-387038371-1006\Software\SecuROM\License information*] "datasecu"=hex:ee,b0,3e,48,43,96,cb,16,7d,87,a8,e2,77,c5,1c,3d,fd,2a,52,dc,7e, a3,16,06,6a,8a,21,dc,d5,ba,96,8d,20,da,5f,6e,4a,57,29,8f,0d,f9,05,2c,19,88,\ "rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(676) c:\windows\system32\Ati2evxx.dll c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll - - - - - - - > 'lsass.exe'(732) c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll - - - - - - - > 'explorer.exe'(3904) c:\program files\Nero\Nero 9\InCD\NBHshx.dll c:\program files\Nero\Nero 9\InCD\NBHStr.dll c:\program files\Fichiers communs\Nero\AdvrCntr4\AdvrCntr4.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll - - - - - - - > 'csrss.exe'(648) c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\Ati2evxx.exe c:\program files\AntivirusFirewall\Anti-Virus\fsgk32st.exe c:\program files\AntivirusFirewall\Anti-Virus\FSGK32.EXE c:\program files\AntivirusFirewall\Common\FSMA32.EXE c:\windows\System32\FTRTSVC.exe c:\program files\AntivirusFirewall\Common\FSMB32.EXE c:\program files\Nero\Nero 9\InCD\InCDSrv.exe c:\program files\AntivirusFirewall\Common\FCH32.EXE c:\program files\AntivirusFirewall\Common\FAMEH32.EXE c:\program files\AntivirusFirewall\Anti-Virus\fsqh.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\windows\System32\HPZipm12.exe c:\program files\AntivirusFirewall\FSAUA\program\fsaua.exe c:\program files\AntivirusFirewall\Anti-Virus\fssm32.exe c:\program files\AntivirusFirewall\FWES\Program\fsdfwd.exe c:\windows\System32\wbem\wmiapsrv.exe c:\program files\AntivirusFirewall\FSAUA\program\fsus.exe c:\program files\AntivirusFirewall\Anti-Virus\fsav32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\Wanadoo\TaskBarIcon.exe c:\windows\AGRSMMSG.exe c:\program files\AntivirusFirewall\FSGUI\fsguidll.exe c:\progra~1\Wanadoo\GestionnaireInternet.exe c:\progra~1\Wanadoo\ComComp.exe c:\progra~1\Wanadoo\Toaster.exe c:\progra~1\Wanadoo\Inactivity.exe c:\progra~1\Wanadoo\PollingModule.exe c:\windows\System32\ALERTM~1\ALERTM~1.EXE c:\program files\HP\Digital Imaging\bin\hpqimzone.exe . ************************************************************************** . 
Heure de fin: 2010-04-28 14:54:35 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-28 12:54 Avant-CF: 64 189 636 608 octets libres Après-CF: 64 602 730 496 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn - - End Of File - - BCED05D08905ED164F38D1E6C730412E
I expect you can make some sense of this! Should I turn my firewalls back on right now?
  13. Thanks pear for taking care of me. Here is what rkill shows me:
This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as gwen on 27/04/2010 at 20:04:07. Processes terminated by Rkill or while it was running: C:\Documents and Settings\gwen\Bureau\rkill.com Rkill completed on 27/04/2010 at 20:04:31.
No other report was displayed. Also, as I posted earlier, I can neither open nor uninstall programs; I wanted to do it for mbam, but it sends me to the "Open with" dropdown and the choices offered don't correspond to anything. What should I do?
  14. Hello again. Something new: I can no longer open a program automatically. For example, msconfig sends me to the "Open with" dropdown and then I'm stuck. Thanks for your help.
  15. [resolved] Hello. First of all, I hope I'm going about creating my topic the right way. For three days I have been plagued by a program, "XP Antimalware 2010". Despite it, I could still browse by killing "ave.exe" in Task Manager. Today "Security Tool" has kicked in: my desktop window is all blue, IE8 no longer works, and it blocks all my antimalware downloads. My antivirus "Securitoo" sees nothing. I'm not a computer buff, but I'll try to post the HijackThis report. Thanks for getting me out of this mess. gwen [resolved]
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:32:47, on 27/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE 
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\AntivirusFirewall\ORSP Client\fsorsp.exe C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Nero\Nero 9\InCD\InCD.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [RestoreIT!] 
"C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 9\InCD\InCD.exe O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; ZangoToolbar 4.8.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.jeux.fr/jeu/Street-Sesh.html" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - 
Startup: monxga32.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/frame...geUploader5.cab O16 - DPF: 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-114da72d630128d4.spaces.live.co...ad/MsnPUpld.cab O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxentelechargement.orange.fr/oran...ed_2/Popcap.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne-beta.jeu.orange.fr/Game...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 
- Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\ORSP Client\fsorsp.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 12915 bytes
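As an added example (not code from this thread, from HijackThis or from the helper), here is a small Python triage pass over the kind of O4 (autostart) and O23 (service) lines in the HijackThis log above. The scoring rules are my own assumptions about which entries deserve a second look: a target with no directory, a built-in tool such as regedit.exe launched from a Run key, an executable sitting directly in the Startup folder, an entry name that claims to be a Windows component but points outside the system directories, and a service whose file is missing or has no recognised publisher. The sample lines are constructed from entries posted above; names such as fxsteller.exe, monxga32.exe and AGRSMMSG.exe are simply what the log shows, and a hit only means "verify the file", not "malicious".

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; not a tool from the forum or from HijackThis.
The heuristics are the author's own assumptions: they score entries for a
second look, they do not decide that anything is malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a few O4/O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - Startup: monxga32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# HijackThis line shapes: "O4 - <where>: [<name>] <target>" and
# "O23 - Service: <name> - <owner> - <target>".
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.*)$")

# Built-in tools that have no business being launched from a Run key (assumption).
SYSTEM_TOOLS = {"regedit.exe", "cmd.exe", "taskmgr.exe", "msconfig.exe"}


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def program_path(target: str) -> str:
    """Return the program part of an autostart target, without its arguments."""
    t = target.strip()
    if t.startswith('"'):                      # quoted path: take up to the closing quote
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    # Unquoted path may contain spaces: cut after the first .exe/.cpl/.des token.
    m = re.match(r"(.*?\.(?:exe|cpl|des))(?:\s|$)", t, re.IGNORECASE)
    return m.group(1) if m else (t.split()[0] if t else "")


def _check_o4(m: re.Match) -> list[str]:
    reasons = []
    path = program_path(m["target"])
    base = path.rsplit("\\", 1)[-1].lower()
    if "\\" not in path:
        reasons.append("no directory in target: resolved through the PATH search order")
    if base in SYSTEM_TOOLS:
        reasons.append(f"built-in tool {base} autostarted from a Run key")
    if m["where"].startswith("Startup") and base.endswith(".exe"):
        reasons.append("executable placed directly in the Startup folder")
    name = (m["name"] or "").lower()
    if name.startswith("windows") and not re.search(r"\\(windows|program files)\\", path.lower()):
        reasons.append("name claims a Windows component but target is outside the system directories")
    return reasons


def _check_o23(m: re.Match) -> list[str]:
    reasons = []
    if "(file missing)" in m["target"]:
        reasons.append("service ImagePath points at a file that no longer exists")
    if m["owner"].lower() == "unknown owner":
        reasons.append("binary carries no recognised publisher")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Score every O4/O23 line; return only the flagged ones, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            reasons = _check_o4(m)
        elif m := O23_RE.match(line):
            reasons = _check_o23(m)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it as a script to get the flagged lines with their reasons. On the constructed sample, fxsteller.exe, monxga32.exe and the GameGuard service each collect two reasons, Regedit32 and AGRSMMSG.exe one, and the ATI, BitTorrent DNA and HP entries none; AGRSMMSG.exe is a good reminder that a bare-name entry is a prompt to check the file on disk, not a verdict.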