tygwen

Members
  • Content count

    35

Everything posted by tygwen

  1. And how good is Avast, actually? I've heard it uses quite a lot of resources, but is that true or false? As for ZoneAlarm, it's true that it annoys me a bit; I'd like to change.
  2. Hello, I'm moving to a new PC that will have Win 7, so I'm looking for an antivirus and a firewall that are effective and also free. Thanks for your advice. PS: I currently use ZoneAlarm and AntiVir on my Win XP.
  3. I already have a flat screen ^^. Thanks for your help, Thorgal, but your suggestion is too expensive for my very tight budget.
  4. Now I've really made up my mind, but I'm torn between two: the first => http://www.cdiscount.com/informatique/achat-pc-ordinateur/hp-g5320fr/f-107080904-xs674ea.html and this one => http://www.cdiscount.com/informatique/achat-pc-ordinateur/hp-g5225fr/f-107080904-xh793ea.html Which would be the better of the two?
  5. And this one, what do you think of it? http://www.cdiscount.com/informatique/achat-pc-ordinateur/hp-g5225fr/f-107080904-xh793ea.html
  6. Thanks for your reply, Thorgal. Another question: how good are these 2 processors (Intel Pentium E5700 and AMD Athlon II X2 250)?
  7. Good evening, sorry for the slow reply. By a machine that gets nowhere, I mean a machine that quickly becomes slow once you've put 1 or 2 programs on it. I'm still looking, since I've postponed the purchase date (TV to replace).
  8. Hello, I'd like to buy a desktop PC for around 500 euros. It will mainly be for browsing the net, storing photos and playing games from time to time. I don't understand anything in the descriptions of the new processors and I'm afraid of getting a machine that gets nowhere.
  9. Thank you so much for your help.

    Calm and knowledge are strengths I really appreciated in you.

  10. I've just found the problem ^^ my Livebox (Orange, when you've got us ^^). I had raised the security level to high and so nothing got through any more. Thank you so much for your help.
  11. Yes, the battery has been dead for more than 2 years. But I had always managed to update the time; now there's no way. Grrrrr
  12. I did a manual update and it tells me "erreur lors de la synchronisation de windows avec time.windows.com." Where could this bug come from? As for aMSN, it doesn't work.
  13. Yes: "erreur de conection, connection tined oud"
  14. I didn't find a download2 file, and I used the fix.reg file. A quick question: do you know how this virus could have got onto the PC?? PS: and another question: I can no longer synchronize my PC's clock since the virus attack, and I can no longer use aMSN (MSN) even after reinstalling it. Could something still be left on the PC?
  15. C:\Documents and Settings\Jonah\Application Data\download2\svcnost.exe => it can't find it. What do I do?
  16. It works well, thanks for the help; on my own I would have been in for a reformat.
  17. Logfile of random's system information tool 1.08 (written by random/random) Run by Jonah at 2010-09-26 19:09:32
  18. Autoscan: completed 1 minute ago (events: 55, objects: 549207, time: 13:51:17)
      24/09/2010 23:38:44 Task started
      24/09/2010 23:40:55 Detected: Trojan.Win32.FakeAV.gxe C:\Documents and Settings\Jonah\Application Data\hotfix.exe
      24/09/2010 23:41:27 Deleted: Trojan.Win32.FakeAV.gxe C:\Documents and Settings\Jonah\Application Data\hotfix.exe
      24/09/2010 23:48:06 Detected: Trojan.Win32.FakeAV.gxa C:\Documents and Settings\Jonah\Local Settings\temp\963955.exe
      24/09/2010 23:48:14 Deleted: Trojan.Win32.FakeAV.gxa C:\Documents and Settings\Jonah\Local Settings\temp\963955.exe
      25/09/2010 00:02:49 Detected: Packed.Win32.Krap.hc C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP10\A0002460.exe
      25/09/2010 00:03:05 Deleted: Packed.Win32.Krap.hc C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP10\A0002460.exe
      25/09/2010 00:03:13 Detected: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP13\A0002557.exe
      25/09/2010 00:03:44 Detected: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP14\A0002961.exe
      25/09/2010 00:04:24 Detected: Trojan-Spy.Win32.Wemon.zx C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005313.exe
      25/09/2010 09:17:55 Disinfected: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP13\A0002557.exe
      25/09/2010 09:17:55 Disinfected: Trojan.Win32.Patched.kl C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP13\A0002557.exe
      25/09/2010 09:17:56 Deleted: Trojan-Spy.Win32.Wemon.zx C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005313.exe
      25/09/2010 09:17:57 Detected: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005314.exe
      25/09/2010 09:17:57 Detected: Trojan.Win32.FakeAV.gxe C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005318.exe
      25/09/2010 09:18:02 Deleted: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP14\A0002961.exe
      25/09/2010 09:18:08 Deleted: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005314.exe
      25/09/2010 09:18:10 Deleted: Trojan.Win32.FakeAV.gxe C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP19\A0005318.exe
      25/09/2010 09:18:10 Detected: Trojan-Proxy.Win32.Agent.daq C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP2\A0002210.exe
      25/09/2010 09:18:16 Deleted: Trojan-Proxy.Win32.Agent.daq C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP2\A0002210.exe
      25/09/2010 09:18:29 Detected: Trojan-Proxy.Win32.Agent.daq C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP2\A0002231.exe
      25/09/2010 09:18:35 Deleted: Trojan-Proxy.Win32.Agent.daq C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP2\A0002231.exe
      25/09/2010 09:18:44 Detected: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP6\A0002304.exe
      25/09/2010 09:18:49 Deleted: Trojan-Clicker.Win32.Agent.oha C:\System Volume Information\_restore{F5BFE604-B2C5-4042-9DA3-33308147D0EF}\RP6\A0002304.exe
      25/09/2010 09:47:52 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf/0compressed.zip Read error
      25/09/2010 09:47:57 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf Read error
      25/09/2010 10:04:52 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group10.cab Read error
      25/09/2010 10:05:10 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group11.cab Read error
      25/09/2010 10:05:44 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group112.cab Read error
      25/09/2010 10:06:04 Processing error E:\jeux\rld-etqw.iso/Setup/rsrc/etqw.exe Read error
      25/09/2010 10:07:20 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group114.cab Read error
      25/09/2010 10:07:20 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso Read error
      25/09/2010 10:14:46 Detected: Trojan-Spy.Win32.Zbot.anzj E:\Téléchargements\packupdate107_2114.exe
      25/09/2010 10:14:53 Deleted: Trojan-Spy.Win32.Zbot.anzj E:\Téléchargements\packupdate107_2114.exe
      25/09/2010 10:41:54 Processing error H:\film\Les guignols de l'info 2007\CD1\ind-guignol1.rar Read error
      25/09/2010 10:46:02 Processing error H:\film\Les guignols de l'info 2007\CD2\ind-guignol2.rar Read error
      25/09/2010 11:20:57 Processing error E:\jeux\Call.Of.Duty.World.At.War.FRENCH-ReVOLVeR.iso/Setup/Data/main/iw_00.iwd Read error
      25/09/2010 11:20:57 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf/0compressed.zip Read error
      25/09/2010 11:20:57 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf Read error
      25/09/2010 11:35:40 Processing error E:\jeux\Call.Of.Duty.World.At.War.FRENCH-ReVOLVeR.iso Read error
      25/09/2010 11:38:26 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group10.cab Read error
      25/09/2010 11:38:50 Processing error E:\jeux\rld-etqw.iso/Setup/rsrc/etqw.exe Read error
      25/09/2010 11:38:50 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group11.cab Read error
      25/09/2010 11:50:02 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso Read error
      25/09/2010 12:22:08 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf/0compressed.zip Read error
      25/09/2010 12:22:08 Processing error E:\jeux\Call.Of.Duty.World.At.War.FRENCH-ReVOLVeR.iso/Setup/Data/main/iw_00.iwd Read error
      25/09/2010 12:22:09 Processing error E:\jeux\mini cd1\NFSMW-MINI.mdf Read error
      25/09/2010 12:39:22 Processing error E:\jeux\Call.Of.Duty.World.At.War.FRENCH-ReVOLVeR.iso Read error
      25/09/2010 12:42:01 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group10.cab Read error
      25/09/2010 12:42:19 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group11.cab Read error
      25/09/2010 12:42:51 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso/Group112.cab Read error
      25/09/2010 12:43:14 Processing error E:\jeux\rld-etqw.iso/Setup/rsrc/etqw.exe Read error
      25/09/2010 12:50:57 Processing error E:\jeux\Need.For.Speed.Undercover.FRENCH-ReVOLVeR\Need.For.Speed.Undercover.FRENCH-ReVOLVeR.iso Read error
      25/09/2010 13:12:55 Processing error H:\film\Les guignols de l'info 2007\CD1\ind-guignol1.rar Read error
      25/09/2010 13:30:01 Task completed
  19. Good evening, I'm back and the PC has even more problems; I struggled to get back on the net.

      2 VT Community user(s) with a total of 489 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
      File name: explorer.exe
      Submission date: 2010-09-23 20:23:30 (UTC)
      Current status: finished
      Result: 0/ 43 (0.0%)
      VT Community goodware
      Safety score: 100.0%

      Antivirus             Version          Last Update  Result
      AhnLab-V3             2010.09.23.00    2010.09.23   -
      AntiVir               7.10.12.23       2010.09.23   -
      Antiy-AVL             2.0.3.7          2010.09.23   -
      Authentium            5.2.0.5          2010.09.23   -
      Avast                 4.8.1351.0       2010.09.23   -
      Avast5                5.0.594.0        2010.09.23   -
      AVG                   9.0.0.851        2010.09.23   -
      BitDefender           7.2              2010.09.23   -
      CAT-QuickHeal         11.00            2010.09.23   -
      ClamAV                0.96.2.0-git     2010.09.23   -
      Comodo                6178             2010.09.23   -
      DrWeb                 5.0.2.03300      2010.09.23   -
      Emsisoft              5.0.0.37         2010.09.23   -
      eSafe                 7.0.17.0         2010.09.21   -
      eTrust-Vet            36.1.7872        2010.09.23   -
      F-Prot                4.6.2.117        2010.09.23   -
      F-Secure              9.0.15370.0      2010.09.23   -
      Fortinet              4.1.143.0        2010.09.23   -
      GData                 21               2010.09.23   -
      Ikarus                T3.1.1.88.0      2010.09.23   -
      Jiangmin              13.0.900         2010.09.21   -
      K7AntiVirus           9.63.2589        2010.09.23   -
      Kaspersky             7.0.0.125        2010.09.23   -
      McAfee                5.400.0.1158     2010.09.23   -
      McAfee-GW-Edition     2010.1C          2010.09.23   -
      Microsoft             1.6201           2010.09.23   -
      NOD32                 5474             2010.09.23   -
      Norman                6.06.06          2010.09.23   -
      nProtect              2010-09-23.02    2010.09.23   -
      Panda                 10.0.2.7         2010.09.23   -
      PCTools               7.0.3.5          2010.09.23   -
      Prevx                 3.0              2010.09.23   -
      Rising                22.66.00.07      2010.09.21   -
      Sophos                4.58.0           2010.09.23   -
      Sunbelt               6918             2010.09.23   -
      SUPERAntiSpyware      4.40.0.1006      2010.09.23   -
      Symantec              20101.1.1.7      2010.09.23   -
      TheHacker             6.7.0.0.029      2010.09.23   -
      TrendMicro            9.120.0.1004     2010.09.23   -
      TrendMicro-HouseCall  9.120.0.1004     2010.09.23   -
      VBA32                 3.12.14.1        2010.09.22   -
      ViRobot               2010.9.23.4057   2010.09.23   -
      VirusBuster           12.65.23.0       2010.09.23   -

      Additional information
      MD5 : f2317622d29f9ff0f88aeecd5f60f0dd
      SHA1 : d54b0b83de6ee5922dd90db1446872bf32062b25
      SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13

      TDSSKiller found nothing.
  20. GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
      Rootkit scan 2010-09-13 09:59:47
      Windows 5.1.2600 Service Pack 3
      Running: 2isbyyx5.exe; Driver: C:\DOCUME~1\Jonah\LOCALS~1\Temp\ugldqpod.sys

      ---- System - GMER 1.0.15 ----

      SSDT B05D9D76 ZwCreateKey
      SSDT B05D9D6C ZwCreateThread
      SSDT B05D9D7B ZwDeleteKey
      SSDT B05D9D85 ZwDeleteValueKey
      SSDT B05D9D8A ZwLoadKey
      SSDT B05D9D58 ZwOpenProcess
      SSDT B05D9D5D ZwOpenThread
      SSDT B05D9D94 ZwReplaceKey
      SSDT B05D9D8F ZwRestoreKey
      SSDT B05D9D80 ZwSetValueKey
      SSDT B05D9D67 ZwTerminateProcess

      ---- Kernel code sections - GMER 1.0.15 ----

      init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF877C49E]

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      ---- Registry - GMER 1.0.15 ----

      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0xDD 0xBD 0x74 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x5A 0x0A 0x4C ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x05 0x92 0x10 0x64 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x18 0x44 0x5F 0x11 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x00 0xDD 0xBD 0x74 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x5A 0x0A 0x4C ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x05 0x92 0x10 0x64 ...
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x18 0x44 0x5F 0x11 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x8A 0xDC 0x9C ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0x5A 0x0A 0x4C ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE1 0xB2 0xEA 0xA4 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x18 0x44 0x5F 0x11 ...
      Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@E:\Macromedia Studio 8\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultÃ\x2026Â\xbdrieurs.htm 1

      ---- EOF - GMER 1.0.15 ----

      I won't be around for a few days; if need be, we'll pick this up again later. Do you mind?
  21. "The member Thanos can no longer receive new messages." So what do I do now? ^^
  22. ComboFix 10-09-09.04 - Jonah 11/09/2010 12:53:42.2.1 - x86 MINIMAL
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.366 [GMT 2:00]
      Lancé depuis: c:\documents and settings\Jonah\Bureau\tygwen.exe
      Commutateurs utilisés :: c:\documents and settings\Jonah\Bureau\CFScript.txt
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804E58E8-FFA4-00C8-0D24-347CA8A3377C}
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00C8-0D24-347CA8A3377C}
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}

      file zipped: c:\documents and settings\All Users\Application Data\packautoapi.exe
      file zipped: c:\windows\propaudiomsg.exe
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\documents and settings\All Users\Application Data\packautoapi.exe
      c:\documents and settings\Jonah\Application Data\vvlcamwbq
      c:\documents and settings\Jonah\Local Settings\Application Data\vvlcamwbq
      c:\windows\propaudiomsg.exe
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_MACONFSERVICE
      -------\Service_GAGPDrv
      -------\Service_maconfservice

      ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-11 au 2010-09-11 ))))))))))))))))))))))))))))))))))))
      .
      2010-09-30 18:21 . 2010-09-08 05:21 500104 ----a-w- c:\windows\system32\perfh040.dat
      2010-09-30 18:21 . 2010-09-08 05:21 80360 ----a-w- c:\windows\system32\perfc040.dat
      2010-09-10 21:07 . 2010-09-10 21:29 -------- d-----w- C:\tygwen
      2010-09-10 20:13 . 2010-09-09 11:59 1037824 -c--a-w- c:\windows\system32\dllcache\explorer.exe
      2010-09-10 20:13 . 2010-09-09 11:59 1037824 ----a-w- c:\windows\explorer.exe
      2010-09-09 11:15 . 2010-09-09 11:15 -------- d-----w- c:\program files\trend micro
      2010-09-09 11:15 . 2010-09-09 11:15 -------- d-----w- C:\rsit
      2010-09-09 05:24 . 2010-09-09 05:24 -------- d-----w- c:\documents and settings\Jonah\Application Data\Malwarebytes
      2010-09-09 05:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-09-09 05:24 . 2010-09-09 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-09-09 05:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-09-01 17:12 . 2010-09-01 17:12 -------- d-----w- c:\program files\Enigma Software Group
      2010-09-01 17:11 . 2010-09-09 17:02 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-10-01 10:16 . 2010-01-03 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-09-30 20:37 . 2006-12-19 18:11 69984 ----a-w- c:\documents and settings\Jonah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-09-30 18:14 . 2010-06-27 20:36 -------- d-----w- c:\documents and settings\Jonah\Application Data\uTorrent
      2010-09-30 18:14 . 2007-10-29 18:19 -------- d-----w- c:\program files\ConTEXT
      2010-09-30 18:14 . 2007-02-03 15:13 -------- d-----w- c:\program files\GoldWave
      2010-09-30 18:14 . 2006-12-19 19:12 -------- d-----w- c:\program files\Mozilla Thunderbird
      2010-09-30 16:33 . 2006-12-19 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-09-08 05:21 . 2001-08-28 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
      2010-09-08 05:21 . 2001-08-28 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
      2010-09-05 15:42 . 2009-12-04 21:29 -------- d-----w- c:\documents and settings\Jonah\Application Data\vlc
      2010-09-05 03:53 . 2007-02-02 10:54 -------- d-----w- c:\documents and settings\Jonah\Application Data\dvdcss
      2010-09-01 17:11 . 2007-12-02 19:11 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-06-25 18:16 . 2010-06-25 18:16 15962 ----a-w- c:\windows\W2BNEUnin.dat
      2010-06-25 18:16 . 2010-06-25 18:16 98304 ----a-w- c:\windows\W2BNEUnin.exe
      2010-06-25 18:16 . 2010-06-25 18:16 2829 ----a-w- c:\windows\W2BNEUnin.pif
      2006-05-03 09:06 . 2007-11-24 14:56 163328 --sh--r- c:\windows\system32\flvDX.dll
      2007-02-21 10:47 . 2007-11-24 14:56 31232 --sh--r- c:\windows\system32\msfDX.dll
      2008-03-16 12:30 . 2008-11-28 10:25 216064 --sh--r- c:\windows\system32\nbDX.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "*hostfatevts.exe"="c:\documents and settings\Jonah\Menu Démarrer\Programmes\Système\Démarrage\hostfatevts.exe" [2010-09-11 153600]

      c:\documents and settings\Jonah\Menu D‚marrer\Programmes\SystŠme\D‚marrage\
      hostfatevts.exe [2010-9-11 153600]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      WlanUtility.lnk.disabled [2007-10-6 768]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
      2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      2009-03-05 15:07 2260480 --sha-r- e:\spybot - search & destroy\TeaTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]
      2003-04-24 22:03 683520 ----a-w- c:\program files\SuperCopier\SuperCopier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "ctfmon.exe"=c:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
      "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      "LogMeIn Hamachi Ui"="E:\hamachi-2-ui.exe" --auto-start
      "nForce Tray Options"=sstray.exe /r
      "SpybotSnD"="e:\spybot - search & destroy\SpybotSD.exe" /autocheck
      "SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\TYPSoft FTP Server\\ftpserv.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "e:\\Age of empires\\age2_x1\\_age2_x1.exe"=
      "c:\\WINDOWS\\system32\\dplaysvr.exe"=
      "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\aMSN\\bin\\wish.exe"=
      "e:\\Program Files\\Call of Duty\\CoDMP.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Adobe\\Adobe Help Center\\ahc.exe"=
      "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
      "e:\\Age of empires\\age2_x1\\age2_x1.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "47624:TCP"= 47624:TCP:aoe2
      "13139:UDP"= 13139:UDP:aoe1

      R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [19/12/2006 18:32 97408]
      R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [19/12/2006 18:32 10240]
      S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [07/12/2007 16:54 217208]
      S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 09:38 108289]
      S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\hamachi-2.exe -s --> e:\hamachi-2.exe -s [?]
      S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008]
      S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
      S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 19:31 42000]
      S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/12/2006 21:58 639224]
      .
      .
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
IE: Download All Files by HiDownload
IE: Download by HiDownload
IE: E&xporter vers Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Ouvrir le fichier PDF dans Word (PDF Converter 3.0) - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /300
FF - ProfilePath - c:\documents and settings\Jonah\Application Data\Mozilla\Firefox\Profiles\2weruy4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-11 13:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2010-09-11 13:05:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-11 11:05
ComboFix2.txt 2010-09-10 17:59
Avant-CF: 960 311 296 octets libres
Après-CF: 860 798 976 octets libres
- - End Of File - - 6B928746E5E97CB9598FEDF1479715D4

As for CF-Submit.htm, I can't get my hands on it.
  23. OK, I messed up here: I didn't double-click on CF-Submit.htm and I lost the report in the process. Is there any way for me to get all of that back?
  24. No, I'm using the same PC. Well, I let the software run all night and it didn't budge, so I stopped it this morning. What should I do?
  25. The software has been saying it is about to start for more than 10 minutes. Is that normal?