kickoff

Bonjour a tous, voila mon probléme, sur mon deuxieme ordinateur je n'ai pas de connexion internet, en fait je n'arrive pas à connecter le wifi j'ai l'impression que je n'ai pas tous les pilotes d'installés?? je précise que la marque c'est doll, et que j'ai un autre ordi à coté pour faire les manips merci de votre aide

Bonjour, je précise que mon ordi fonctionne beaucoup mieux et je vous remercie. il y a juste un rootkit en quarantaine dans avira, faut il que je le supprime? merci julien

voila ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/06/01 22:36 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: ACPI.sys Image Path: ACPI.sys Address: 0xF75A7000 Size: 188672 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2260992 File Visible: - Signed: - Status: - Name: ACPIEC.sys Image Path: ACPIEC.sys Address: 0xF78A3000 Size: 12032 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\WINDOWS\System32\drivers\afd.sys Address: 0xBA1F5000 Size: 138496 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: atapi.sys Address: 0xF7499000 Size: 96512 File Visible: - Signed: - Status: - Name: atiide.sys Image Path: atiide.sys Address: 0xF7A51000 Size: 3456 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS Address: 0xF789F000 Size: 16384 File Visible: - Signed: - Status: - Name: bcm4sbxp.sys Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys Address: 0xF7697000 Size: 65536 File Visible: - Signed: - Status: - Name: bcmwl5.sys Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys Address: 0xBA649000 Size: 1123328 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xF79A7000 Size: 4224 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\WINDOWS\system32\BOOTVID.dll Address: 0xF7897000 Size: 12288 File Visible: - Signed: - Status: - Name: Cdfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xF7536000 Size: 63744 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xF7667000 Size: 62976 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xF7637000 Size: 53248 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: compbatt.sys Address: 0xF789B000 Size: 10240 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xF7627000 Size: 36352 File Visible: - Signed: - Status: - Name: DLACDBHM.SYS Image Path: DLACDBHM.SYS Address: 0xF798B000 Size: 7936 File Visible: - Signed: - Status: - Name: DLARTL_M.SYS Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS Address: 0xF780F000 Size: 23424 File Visible: - Signed: - Status: - Name: dmio.sys Image Path: dmio.sys Address: 0xF74B1000 Size: 154496 File Visible: - Signed: - Status: - Name: DRVMCDB.SYS Image Path: DRVMCDB.SYS Address: 0xF7450000 Size: 90976 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xBA11A000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF79B1000 Size: 8192 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xBA319000 Size: 12288 File Visible: - Signed: - Status: - Name: dxg.sys Image Path: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 File Visible: - Signed: - Status: - Name: dxgthk.sys Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xF7A8B000 Size: 4096 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: fltmgr.sys Address: 0xF7479000 Size: 129792 File Visible: - Signed: - Status: - Name: framebuf.dll Image Path: C:\WINDOWS\System32\framebuf.dll Address: 0xBFF70000 Size: 12288 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xF79A3000 Size: 7936 File Visible: - Signed: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xF74D7000 Size: 126080 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\WINDOWS\system32\hal.dll Address: 0x806FF000 Size: 134400 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Address: 0xBA53A000 Size: 163840 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Address: 0xF7546000 Size: 36864 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xF779F000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys Address: 0xBA34F000 Size: 10368 File Visible: - Signed: - Status: - Name: i2omgmt.SYS Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS Address: 0xBA7A8000 Size: 8576 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Address: 0xF7687000 Size: 54144 File Visible: - Signed: - Status: - Name: imapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xF7657000 Size: 42112 File Visible: - Signed: - Status: - Name: ipnat.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xBA23F000 Size: 152832 File Visible: - Signed: - Status: - Name: ipsec.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xBA2BE000 Size: 75264 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xF75F7000 Size: 37632 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xF777F000 Size: 25216 File Visible: - Signed: - Status: - Name: KDCOM.DLL Image Path: C:\WINDOWS\system32\KDCOM.DLL Address: 0xF7987000 Size: 8192 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xBA562000 Size: 143360 File Visible: - Signed: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xF7439000 Size: 92928 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xF7797000 Size: 23680 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xBA347000 Size: 12288 File Visible: - Signed: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys Address: 0xF7607000 Size: 42368 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xBA15A000 Size: 455680 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xF774F000 Size: 19072 File Visible: - Signed: - Status: - Name: msgpc.sys Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xF76E7000 Size: 35072 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xBA7F0000 Size: 15488 File Visible: - Signed: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xF787D000 Size: 105344 File Visible: - Signed: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xF740C000 Size: 182656 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xF7937000 Size: 10112 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xB9E06000 Size: 14592 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xBA4EE000 Size: 91520 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xF7586000 Size: 40576 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xF7566000 Size: 34688 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xBA217000 Size: 162816 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xF776F000 Size: 30848 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xF7B52000 Size: 574976 File Visible: - Signed: - Status: - Name: ntoskrnl.exe Image Path: C:\WINDOWS\system32\ntoskrnl.exe Address: 0x804D7000 Size: 2260992 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xF7A71000 Size: 2944 File Visible: - Signed: - Status: - Name: OPRGHDLR.SYS Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS Address: 0xF7A50000 Size: 4096 File Visible: - Signed: - Status: - Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xF770F000 Size: 19712 File Visible: - Signed: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xF7596000 Size: 68608 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xF7707000 Size: 28672 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2260992 File Visible: - Signed: - Status: - Name: psched.sys Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xBA4DD000 Size: 69120 File Visible: - Signed: - Status: - Name: ptilink.sys Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xF77C7000 Size: 17792 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xF7647000 Size: 36320 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xBA798000 Size: 8832 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xF76B7000 Size: 51328 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xF76C7000 Size: 41472 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xF76D7000 Size: 48384 File Visible: - Signed: - Status: - Name: raspti.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xF77D7000 Size: 16512 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2260992 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xBA1CA000 Size: 175744 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xF79AB000 Size: 4224 File Visible: - Signed: - Status: - Name: rdpdr.sys Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xBA45D000 Size: 196224 File Visible: - Signed: - Status: - Name: RDPWD.SYS Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS Address: 0xB9A5E000 Size: 139520 File Visible: - Signed: - Status: - Name: redbook.sys Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xF7677000 Size: 58752 File Visible: - Signed: - Status: - Name: rimmptsk.sys Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys Address: 0xF76A7000 Size: 57344 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB9E7A000 Size: 49152 File Visible: No Signed: - Status: - Name: sr.sys Image Path: sr.sys Address: 0xF7467000 Size: 73600 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xB9AA9000 Size: 353792 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xF7995000 Size: 4352 File Visible: - Signed: - Status: - Name: SynTP.sys Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys Address: 0xBA505000 Size: 216800 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xBA265000 Size: 361600 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xF77B7000 Size: 20480 File Visible: - Signed: - Status: - Name: TDTCP.SYS Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS Address: 0xF77BF000 Size: 21760 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xF76F7000 Size: 40704 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xBA3FF000 Size: 384768 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xF798F000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xF775F000 Size: 30208 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xF7576000 Size: 59520 File Visible: - Signed: - Status: - Name: usbohci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys Address: 0xF7757000 Size: 17152 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xBA625000 Size: 147456 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xF7817000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS Address: 0xBA2F1000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xF7617000 Size: 53376 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xF77CF000 Size: 20480 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1851392 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1851392 File Visible: - Signed: - Status: - Name: wmiacpi.sys Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys Address: 0xF791F000 Size: 8832 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xF7989000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2260992 File Visible: - Signed: - Status: -

Bonsoir voila le rapport GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-06-01 20:16:22 Windows 5.1.2600 Service Pack 3 Running: upl1b8jx.exe; Driver: C:\DOCUME~1\Julien\LOCALS~1\Temp\uxldypog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) ---- EOF - GMER 1.0.15 ----

mon ordinateur plante lamentablement depuis que j'ai fait le scan avec gmer ?? je n'arrive pas a récuperer le rapport

le probleme c'est qu il n'y a pas de rappport, apres le scan l'ordi a redemarré tout seul, et quand je retourne sur le logiciel pour faire copy, il veut pas . bon la l'ordi est planté je ressaye tout a l'heure et vous tiens au courant

c'est fait y a t il un rapport a poster?

Bonjour, ce matin j'ai eu un message d'alerte par avira AVIRA- nom de fichier C:/WINDOWS/TEMP/21.TMP MESSAGE contient le chevel de troie TR/ROOTKIT.GEN il est en quarantaine est ce normal?? je pense que non...

oui ça va beaucoup mieux, et je vous remercie du temps que vous avez passez pour me dépanner il y a juste une chose, je n'arrive pas à trouver comment désinstaller combofix, j'ai un fichier avec pleins de chiffres , je ne sais pas ce que c'est il y a uninstall a l'intérieur, c'est peut être ça??

bonjour, voila le rapport cordialement ComboFix 10-05-28.06 - Julien 30/05/2010 13:07:48.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1918.1446 [GMT 2:00] Lancé depuis: c:\documents and settings\Julien\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Julien\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\drivers\roxcymoc.sys" "c:\windows\system32\fylzrgmg.exe" "c:\windows\system32\gkvkrcedpddqlwx.exe" "c:\windows\system32\pjiurrst.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll c:\windows\system32\driVERs\roxcymoc.sys c:\windows\system32\fylzrgmg.exe c:\windows\system32\gkvkrcedpddqlwx.exe c:\windows\system32\pjiurrst.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ROXCYMOC -------\Service_roxcymoc ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-30 )))))))))))))))))))))))))))))))))))) . 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\UserData 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache 2010-05-28 09:57 . 2010-05-28 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-28 08:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-28 08:57 . 2010-05-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-28 08:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-28 08:17 . 2010-05-28 08:31 52048 ----a-w- c:\windows\system32\drivers\klmd.sys 2010-05-28 08:17 . 2010-05-28 08:31 -------- d-----w- C:\tdsskiller 2010-05-27 21:03 . 2010-05-27 21:03 -------- d-----w- c:\program files\$NtUninstallWTF1012$ 2010-05-27 21:02 . 2010-05-28 10:38 -------- d-----w- c:\documents and settings\Julien\Local Settings\Application Data\okjhdpafe 2010-05-20 07:33 . 2002-08-19 00:43 794624 ----a-w- c:\windows\system32\spr32d35.dll 2010-05-20 07:22 . 2010-05-20 07:35 -------- d-----w- c:\program files\Architecte_3D_Silver_Advanced 2010-05-20 07:20 . 2010-05-20 07:20 -------- d-sh--w- c:\windows\ftpcache 2010-05-19 19:53 . 2010-05-19 19:53 -------- d-----w- c:\program files\Microsoft Silverlight . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 12:32 . 2004-08-19 12:03 86472 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-29 12:32 . 2004-08-19 12:03 514868 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-29 12:28 . 2010-01-30 08:48 -------- d-----w- c:\program files\pdfforge Toolbar 2010-05-18 17:13 . 2010-01-22 10:58 -------- d-----w- c:\documents and settings\Julien\Application Data\Ressources Immobilieres 2010-05-13 14:48 . 2008-07-16 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-14 19:42 . 2010-01-22 11:10 79488 ----a-w- c:\documents and settings\Julien\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-14 12:57 . 2010-04-09 07:50 -------- d-----w- c:\documents and settings\Julien\Application Data\U3 2010-04-12 11:57 . 2010-04-12 11:57 1956808 ----a-w- c:\documents and settings\Julien\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-03-26 08:33 . 2010-04-13 12:37 1496064 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-04-13 12:37 43008 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-04-13 12:37 339456 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-04-13 12:37 346112 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-10 06:16 . 2004-08-19 12:03 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-01-30 08:45 . 2010-01-30 08:45 17776464 ----a-w- c:\program files\PDFCreator-0_9_9_setup.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-26 1024000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-16 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-16 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2008-02-28 11:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16716:TCP"= 16716:TCP:NortonAV "13672:TCP"= 13672:TCP:NortonAV "14928:TCP"= 14928:TCP:NortonAV "17861:TCP"= 17861:TCP:NortonAV "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3611:TCP"= 3611:TCP:Services "5722:TCP"= 5722:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "4457:TCP"= 4457:TCP:Services "7414:TCP"= 7414:TCP:Services R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [16/07/2008 11:35 3456] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/01/2010 16:40 108289] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928] S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [28/05/2010 10:17 52048] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=m5 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=6080716 uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\ FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=mS FF - component: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\plugins\npPxPlay.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-gkvkrcedpddqlwx - c:\windows\system32\gkvkrcedpddqlwx.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-30 13:14 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3936) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Heure de fin: 2010-05-30 13:19:58 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-30 11:19 ComboFix2.txt 2010-05-29 12:31 Avant-CF: 78 333 808 640 octets libres Après-CF: 78 222 843 904 octets libres - - End Of File - - 36507143237559E3DC0F444D53D5F882

Bonjour, voila le rapport cordialement ComboFix 10-05-28.06 - Julien 30/05/2010 13:07:48.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1918.1446 [GMT 2:00] Lancé depuis: c:\documents and settings\Julien\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Julien\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\drivers\roxcymoc.sys" "c:\windows\system32\fylzrgmg.exe" "c:\windows\system32\gkvkrcedpddqlwx.exe" "c:\windows\system32\pjiurrst.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll c:\windows\system32\driVERs\roxcymoc.sys c:\windows\system32\fylzrgmg.exe c:\windows\system32\gkvkrcedpddqlwx.exe c:\windows\system32\pjiurrst.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ROXCYMOC -------\Service_roxcymoc ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-30 )))))))))))))))))))))))))))))))))))) . 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\UserData 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache 2010-05-28 09:57 . 2010-05-28 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-28 08:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-28 08:57 . 2010-05-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-28 08:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-28 08:17 . 2010-05-28 08:31 52048 ----a-w- c:\windows\system32\drivers\klmd.sys 2010-05-28 08:17 . 2010-05-28 08:31 -------- d-----w- C:\tdsskiller 2010-05-27 21:03 . 2010-05-27 21:03 -------- d-----w- c:\program files\$NtUninstallWTF1012$ 2010-05-27 21:02 . 2010-05-28 10:38 -------- d-----w- c:\documents and settings\Julien\Local Settings\Application Data\okjhdpafe 2010-05-20 07:33 . 2002-08-19 00:43 794624 ----a-w- c:\windows\system32\spr32d35.dll 2010-05-20 07:22 . 2010-05-20 07:35 -------- d-----w- c:\program files\Architecte_3D_Silver_Advanced 2010-05-20 07:20 . 2010-05-20 07:20 -------- d-sh--w- c:\windows\ftpcache 2010-05-19 19:53 . 2010-05-19 19:53 -------- d-----w- c:\program files\Microsoft Silverlight . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 12:32 . 2004-08-19 12:03 86472 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-29 12:32 . 2004-08-19 12:03 514868 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-29 12:28 . 2010-01-30 08:48 -------- d-----w- c:\program files\pdfforge Toolbar 2010-05-18 17:13 . 2010-01-22 10:58 -------- d-----w- c:\documents and settings\Julien\Application Data\Ressources Immobilieres 2010-05-13 14:48 . 2008-07-16 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-14 19:42 . 2010-01-22 11:10 79488 ----a-w- c:\documents and settings\Julien\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-14 12:57 . 2010-04-09 07:50 -------- d-----w- c:\documents and settings\Julien\Application Data\U3 2010-04-12 11:57 . 2010-04-12 11:57 1956808 ----a-w- c:\documents and settings\Julien\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-03-26 08:33 . 2010-04-13 12:37 1496064 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-04-13 12:37 43008 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-04-13 12:37 339456 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-04-13 12:37 346112 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-10 06:16 . 2004-08-19 12:03 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-01-30 08:45 . 2010-01-30 08:45 17776464 ----a-w- c:\program files\PDFCreator-0_9_9_setup.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-26 1024000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-16 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-16 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2008-02-28 11:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16716:TCP"= 16716:TCP:NortonAV "13672:TCP"= 13672:TCP:NortonAV "14928:TCP"= 14928:TCP:NortonAV "17861:TCP"= 17861:TCP:NortonAV "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3611:TCP"= 3611:TCP:Services "5722:TCP"= 5722:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "4457:TCP"= 4457:TCP:Services "7414:TCP"= 7414:TCP:Services R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [16/07/2008 11:35 3456] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/01/2010 16:40 108289] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928] S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [28/05/2010 10:17 52048] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=m5 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=6080716 uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\ FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=mS FF - component: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\plugins\npPxPlay.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-gkvkrcedpddqlwx - c:\windows\system32\gkvkrcedpddqlwx.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-30 13:14 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'explorer.exe'(3936) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************** . Heure de fin: 2010-05-30 13:19:58 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-30 11:19 ComboFix2.txt 2010-05-29 12:31 Avant-CF: 78 333 808 640 octets libres Après-CF: 78 222 843 904 octets libres - - End Of File - - 36507143237559E3DC0F444D53D5F882

Bonjour, voila le rapport ComboFix 10-05-28.06 - Julien 29/05/2010 14:21:38.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1918.1493 [GMT 2:00] Lancé depuis: c:\documents and settings\Julien\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\pc-3\RavMonLog c:\program files\pdfforge Toolbar\SearchSettings.dll c:\windows\system32\st325602.dll . original MBR restored successfully ! . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-29 )))))))))))))))))))))))))))))))))))) . 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\UserData 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing 2010-05-28 19:27 . 2010-05-28 19:27 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache 2010-05-28 19:26 . 2010-05-28 19:26 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache 2010-05-28 09:57 . 2010-05-28 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-28 08:57 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-28 08:57 . 2010-05-28 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-28 08:57 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-28 08:17 . 2010-05-28 08:31 52048 ----a-w- c:\windows\system32\drivers\klmd.sys 2010-05-28 08:17 . 2010-05-28 08:31 -------- d-----w- C:\tdsskiller 2010-05-27 21:05 . 2010-05-29 12:29 823808 ----a-w- c:\windows\system32\drivers\roxcymoc.sys 2010-05-27 21:03 . 2010-05-27 21:03 50981 ----a-w- c:\windows\system32\gkvkrcedpddqlwx.exe 2010-05-27 21:03 . 2010-05-27 21:03 -------- d-----w- c:\program files\$NtUninstallWTF1012$ 2010-05-27 21:02 . 2010-05-28 10:38 -------- d-----w- c:\documents and settings\Julien\Local Settings\Application Data\okjhdpafe 2010-05-25 05:38 . 2010-05-25 05:38 309248 ----a-w- c:\windows\system32\pjiurrst.dll 2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\fylzrgmg.exe 2010-05-20 07:33 . 2002-08-19 00:43 794624 ----a-w- c:\windows\system32\spr32d35.dll 2010-05-20 07:22 . 2010-05-20 07:35 -------- d-----w- c:\program files\Architecte_3D_Silver_Advanced 2010-05-20 07:20 . 2010-05-20 07:20 -------- d-sh--w- c:\windows\ftpcache 2010-05-19 19:53 . 2010-05-19 19:53 -------- d-----w- c:\program files\Microsoft Silverlight . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 12:28 . 2010-01-30 08:48 -------- d-----w- c:\program files\pdfforge Toolbar 2010-05-29 12:25 . 2004-08-19 12:03 86472 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-29 12:25 . 2004-08-19 12:03 514868 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-18 17:13 . 2010-01-22 10:58 -------- d-----w- c:\documents and settings\Julien\Application Data\Ressources Immobilieres 2010-05-13 14:48 . 2008-07-16 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-14 19:42 . 2010-01-22 11:10 79488 ----a-w- c:\documents and settings\Julien\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-14 12:57 . 2010-04-09 07:50 -------- d-----w- c:\documents and settings\Julien\Application Data\U3 2010-04-12 11:57 . 2010-04-12 11:57 1956808 ----a-w- c:\documents and settings\Julien\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-03-26 08:33 . 2010-04-13 12:37 1496064 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-04-13 12:37 43008 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-04-13 12:37 339456 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-04-13 12:37 346112 ----a-w- c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-10 06:16 . 2004-08-19 12:03 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-01-30 08:45 . 2010-01-30 08:45 17776464 ----a-w- c:\program files\PDFCreator-0_9_9_setup.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-26 1024000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-16 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "MChk"="c:\windows\system32\fylzrgmg.exe" [2010-05-24 40633] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-16 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2008-02-28 11:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16716:TCP"= 16716:TCP:NortonAV "13672:TCP"= 13672:TCP:NortonAV "14928:TCP"= 14928:TCP:NortonAV "17861:TCP"= 17861:TCP:NortonAV "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3611:TCP"= 3611:TCP:Services "5722:TCP"= 5722:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "4457:TCP"= 4457:TCP:Services "7414:TCP"= 7414:TCP:Services R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [16/07/2008 11:35 3456] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/01/2010 16:40 108289] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928] S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [28/05/2010 10:17 52048] --- Autres Services/Pilotes en mémoire --- *Deregistered* - roxcymoc . . ------- Examen supplémentaire ------- . uStart Page = hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=m5 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=6080716 uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\ FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/guyhoquetnantes.com?tab=mS FF - component: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\Firefox\Profiles\8w6ap1r4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\Julien\Application Data\Mozilla\plugins\npPxPlay.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKLM-Run-skb - drppvohl.dll SafeBoot-klmd23.sys MSConfigStartUp-EoEngine - c:\program files\EoRezo\EoEngine.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-29 14:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\docume~1\Julien\LOCALS~1\Temp\catchme.dll 53248 bytes executable Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\roxcymoc] . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\Ati2evxx.dll c:\windows\System32\BCMLogon.dll . Heure de fin: 2010-05-29 14:31:00 ComboFix-quarantined-files.txt 2010-05-29 12:30 Avant-CF: 78 345 498 624 octets libres Après-CF: 78 350 282 752 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect - - End Of File - - C1A8744DBE27F851C6C8D5D5442A2A69

bonsoir, si je n'ai pas la console de recuperation y a t il une autre solution?

Alors verdict au démarrage voila le premier message apparu RUNDLL erreur de chargement de drppvohl.dll le module spécifié est introuvable ensuite il me propose un débogage une éxeption " erreur d'execution" c'est produite dans script débogeurs possibles nouvelle instance de microsoft script editor autrement internet explorer ne fonctionne pas mais mozilla oui je trouve le pc un peu lent, il a tendance a buger

Pour l'instant je sais pas, je suis toujours en mode sans echec, donc la je vais demarrer une session normale, et vous tiens au courant.

voila le nouveau rapport cordialement Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4151 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 28/05/2010 15:01:07 mbam-log-2010-05-28 (15-01-07).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 253630 Temps écoulé: 34 minute(s), 8 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

non je ne l'ai pas vu dans votre procédure c'est vrai, je ne me fais pas aider ailleurs , j'essaie juste de comprendre c'est tout. c'est en fouillant dans les topics précedent que j'ai vu ça... bon je relance

re, Je précise que j'ai fait toutes ces manip en mode sans echec reseau pour la premiere manip tdsskiller, je n'ai pas reussit a avoir le rapport par contre j'ai vu ça un peu plus loin... NB: Pendant la procédure, si TDSSKiller fait apparaître ce message: Citation Hidden service detected: nom du service caché: Type "delete" (without quotes) to delete it: 14:30:08:000 0256, tape delete et valide par la touche Enter. Il y aura un rapport TDSSKiller.txt sur le C:\ Ouvre le fichier texte et copie l'entièreté du contenu; colle-le dans ta réponse. faut il que je refasse cette manipulation??? c'est ce qu'il avait d'affiché.. le reste ok mais assez galère car ordi plante souvent... bien a vous Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4151 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 28/05/2010 12:38:34 mbam-log-2010-05-28 (12-38-34).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 253619 Temps écoulé: 33 minute(s), 30 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 20 Valeur(s) du Registre infectée(s): 9 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\ec1fom.dll (Trojan.Ertfor) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Delete on reboot. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{154c8bb1-0f91-44e4-9155-310c13704348} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5e1ecee0-e13f-40c7-8248-474fe9ef1cb3} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bee7c5f3-7549-4318-96eb-128c00a84582} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvthpcot (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvthpcot (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tzvurhkgiravc (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\ec1fom.dll (Trojan.Ertfor) -> Delete on reboot. C:\Documents and Settings\Julien\Local Settings\Temp\kynck.dll (Trojan.Ertfor) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drppvohl.dll (Adware.EZlife) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Documents and Settings\Julien\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Julien\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Julien\Local Settings\Application Data\okjhdpafe\ulqjwmdtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fseywodeifm.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Bonjour a tous, voila mon probléme, je n'arrive plus à me connecter à internet, j'ai mon antivirus bloqué ( antivir) , et windows me demande d'installer un antispyware , qui ma détecté pas mal de virus, alors que j'ai lancé un scan en mode sans échec avec antivir et rien??? que ce passe-t-il? ? Je précise que je suis bloqué donc pas d'acces à internet depuis mon pc je suis sous windows xp et les mises à jour sont ok merci de votre aide julien

merci de la réponse bon a priori erreur de ma part , je n'ai pas pris le bon logiciel , j'ai pris la pack office .... dsl bon je recommance et vous tiens au courant @+

ça commence mal , je n'arrive pas à démarrer avec le cd d'installation de xp , j'ai ete dans le boot menu et selectionné cd rom puis sauvegarder, mais il ne veut pas le prendre j'arrive rapidement sur la page ou il me demande si je veut redemarrer en mode sans echec ect... j'ai du louper une etape je veux bien de l'aide merci ( je sais pas pourquoi j'étais connecté en invité) ???

ok , bon je ferai ça demain et vous tiendrais au courant a plus et merci

SALUT quand tu enleve ta clef pense a click droit sur l'icone pour l'enlever avec l'utilitaire de fermeture peut etre que tu le fais deja , en tout cas j'ai deja eu ce probleme avec une clef usb.

oui c' est bien le cd d'origine.

dites moi comment je dois faire , si je dois réinstaller windows xp , ou pas ? Merci d'avance