Je suis contaminé

janisse · le 9 décembre 2006

Bonjour,

Je suis contaminé (peut être par Win Antirus pro 2006 ?) ou par autre chose.

Pouvez vous m'aider ?

Voici mon rapport HijackThis :

Logfile of HijackThis v1.99.1

Scan saved at 19:42:19, on 09/12/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\CyberLink Media Carnival\PowerVCR II\Agent.exe

C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

C:\PROGRA~1\RACLE~1\dllhost.exe

C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE

C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\??stem\d?dplay.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {9EB4A935-30A1-5F3E-D25C-1873163F0398} - C:\WINDOWS\System32\jje.dll

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\udiqektt.dll

O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ddcdcca.dll

O2 - BHO: (no name) - {9EB4A935-30A1-5F3E-D25C-1873163F0398} - C:\WINDOWS\System32\jje.dll

O2 - BHO: (no name) - {A03F1748-898A-9019-8DAF-A028E62C67BE} - C:\WINDOWS\System32\joszear.dll (file missing)

O2 - BHO: (no name) - {C07B3C6C-B47B-4428-B8D6-F33C9237E7EE} - C:\WINDOWS\System32\pmkhh.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Agent] "C:\Program Files\CyberLink Media Carnival\PowerVCR II\Agent.exe"

O4 - HKLM\..\Run: [Remote_Agent] "C:\Program Files\CyberLink Media Carnival\PowerVCR II\RemoteAgent.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement

O4 - HKCU\..\Run: [Trte] "C:\PROGRA~1\RACLE~1\dllhost.exe" -vt yazb

O4 - HKCU\..\Run: [Wrnupe] C:\WINDOWS\??stem\d?dplay.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ddcdcca - C:\WINDOWS\SYSTEM32\ddcdcca.dll

O20 - Winlogon Notify: pmkhh - C:\WINDOWS\System32\pmkhh.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Merci pour votre aide

Janisse

bruce lee · le 9 décembre 2006

bonjour janisse et bienvenue sur zebulon

1. Télécharge combofix.exe (par sUBs) sur ton Bureau

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Poste aussi un nouveau rapport hijackthis

janisse · le 9 décembre 2006

Merci Bruce Lee pour ta réponse rapide et ton aide :

Voici le rapport Combofix :

ComboFix 06.11.27W - Running from: "C:\Documents and Settings\JANISSON Jo‰l\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\Yazzle1125OinAdmin.exe

C:\Program Files\Fichiers communs\Yazzle1125OinUninstaller.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\RACLE~1

C:\QooBox\Purity\Program Files\SEMBLY~1

C:\QooBox\Purity\Program Files\RACLE~1\dllhost.exe

C:\QooBox\Purity\Program Files\RACLE~1\?racle

C:\QooBox\Purity\WINDOWS\STEM~1

C:\QooBox\Purity\WINDOWS\STEM~1\d?dplay.exe

C:\QooBox\Purity\WINDOWS\system32\FNTS~1

C:\QooBox\Purity\WINDOWS\system32\ICROSO~1

((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))

2006-12-09 19:54 <REP> d-------- C:\WINDOWS\system32\ActiveScan

2006-12-09 19:30 126,996 --a------ C:\WINDOWS\system32\fsrlaeng.dll

2006-12-09 19:27 <REP> d-------- C:\!KillBox

2006-12-09 19:14 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

2006-12-09 16:28 56,832 --a------ C:\WINDOWS\system32\jje.dll

2006-12-09 16:28 <REP> d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\àdobe

2006-12-09 16:27 <REP> d-------- C:\Program Files\Lavasoft

2006-12-09 16:27 <REP> d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\Lavasoft

2006-12-07 12:45 126,996 --a------ C:\WINDOWS\system32\siotcmth.dll

2006-11-30 12:46 126,996 --a------ C:\WINDOWS\system32\fvdjvkfh.dll

2006-11-27 20:06 88,340 --a------ C:\WINDOWS\system32\ubrfeana.exe

2006-11-27 20:06 42,516 --a------ C:\WINDOWS\system32\udiqektt.dll

2006-11-25 19:11 720,896 -ra------ C:\WINDOWS\system32\a3d.dll

2006-11-25 19:11 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2006-11-25 19:11 549,368 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys

2006-11-25 19:11 4,816 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys

2006-11-25 19:11 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys

2006-11-25 19:11 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2006-11-25 18:57 730,700 --------- C:\WINDOWS\system32\drivers\alcxwdm.sys

2006-11-25 18:57 46,592 --------- C:\WINDOWS\soundman.exe

2006-11-25 18:57 208,896 --------- C:\WINDOWS\alcupd.exe

2006-11-25 18:57 131,072 --------- C:\WINDOWS\alcrmv.exe

2006-11-25 18:57 <REP> d-------- C:\Program Files\Realtek Sound Manager

2006-11-25 18:57 <REP> d-------- C:\Program Files\AvRack

2006-11-25 18:56 44 --a------ C:\WINDOWS\system32\msssc.dll

2006-11-25 18:55 <REP> d-------- C:\Program Files\ASUS

2006-11-25 18:54 306,688 --a------ C:\WINDOWS\IsUninst.exe

2006-11-24 20:37 <REP> d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\DriveCleaner 2006 Free

2006-11-23 12:48 38,420 --a------ C:\WINDOWS\system32\ynucgyjr.dll

2006-11-23 12:20 126,996 --a------ C:\WINDOWS\system32\ktjttvky.dll

2006-11-19 08:46 <REP> d-------- C:\Program Files\Barbie

2006-11-16 11:03 126,996 --------- C:\WINDOWS\system32\dbxanqki.dll

2006-11-14 18:34 <REP> dr-h----- C:\Documents and Settings\JANISSON Jo‰l\Recent

2006-11-11 21:40 <REP> d--h----- C:\WINDOWS\PIF

2006-11-11 21:40 <REP> d-------- C:\Program Files\VSToolbar

2006-11-11 21:40 <REP> d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\CyberLink

2006-11-11 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-09 20:13 580153 ---hs---- C:\WINDOWS\system32\hhkmp.ini2

2006-12-09 20:06 -------- d-------- C:\Program Files\Fichiers communs

2006-12-09 19:57 -------- d-------- C:\Program Files\Internet Explorer

2006-12-09 19:33 12288 --ahs---- C:\Program Files\Thumbs.db

2006-12-09 16:32 569578 ---hs---- C:\WINDOWS\system32\hhkmp.bak2

2006-12-09 16:28 2 --a------ C:\WINDOWS\system32\wnsapiit.exe

2006-12-09 16:28 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\àdobe

2006-12-09 16:27 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\Lavasoft

2006-12-07 16:09 -------- d-------- C:\Program Files\Common Files

2006-12-06 20:05 1196209 ---hs---- C:\WINDOWS\system32\hhkmp.bak1

2006-11-25 18:57 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-11-24 20:37 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\DriveCleaner 2006 Free

2006-11-11 21:40 -------- d-------- C:\Program Files\InterActual

2006-11-11 21:40 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\CyberLink

2006-11-11 21:39 -------- d-------- C:\Program Files\PowerArchiver

2006-11-07 14:40 -------- d---s---- C:\Documents and Settings\JANISSON Jo‰l\Application Data\Microsoft

2006-11-05 13:30 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\Adobe

2006-11-02 13:01 110612 --------- C:\WINDOWS\system32\daokgwtv.exe

2006-11-02 13:00 60436 --------- C:\WINDOWS\system32\frtggqvk.dll

2006-11-01 17:51 -------- d-------- C:\Program Files\Trend Micro

2006-11-01 09:57 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\MSN6

2006-11-01 09:44 40973 --------- C:\WINDOWS\system32\awtrqno.dll

2006-10-26 17:50 8012 --a------ C:\WINDOWS\algs.exe

2006-10-26 17:50 40973 --------- C:\WINDOWS\system32\ddcdcca.dll

2006-10-26 17:50 16384 --------- C:\WINDOWS\system32\wu.exe

2006-10-26 09:13 706 --a------ C:\Documents and Settings\JANISSON Jo‰l\Application Data\update.log

2006-10-26 08:15 98324 --------- C:\WINDOWS\system32\uyxcutlg.dll

2006-10-26 08:15 688180 --------- C:\WINDOWS\system32\pmkhh.dll

2006-10-26 08:15 67604 --------- C:\WINDOWS\system32\omlldqfx.exe

2006-10-26 08:15 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\SearchToolbarCorp

2006-10-25 23:46 40973 --------- C:\WINDOWS\system32\tuvutsr.dll

2006-10-25 21:23 40973 --------- C:\WINDOWS\system32\rqromnl.dll

2006-10-25 20:27 40973 --------- C:\WINDOWS\system32\byxwxut.dll

2006-10-25 20:17 40973 --------- C:\WINDOWS\system32\khfcaby.dll

2006-10-25 20:07 40973 --------- C:\WINDOWS\system32\hggedcb.dll

2006-10-25 19:26 40973 --------- C:\WINDOWS\system32\rqrrppq.dll

2006-10-25 19:10 40973 --------- C:\WINDOWS\system32\cbxutqn.dll

2006-10-25 18:31 40973 --------- C:\WINDOWS\system32\efcyyaa.dll

2006-10-25 12:21 40973 --------- C:\WINDOWS\system32\ssqrolk.dll

2006-10-25 12:19 -------- d-------- C:\Program Files\NetMeeting

2006-10-25 10:06 40973 --------- C:\WINDOWS\system32\hgggffd.dll

2006-10-25 09:53 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\Ahead

2006-10-17 18:09 -------- d-------- C:\Program Files\Ubisoft

2006-10-17 17:48 -------- d-------- C:\Program Files\Ubi Soft

2006-10-17 17:47 -------- d-------- C:\Program Files\Fichiers communs\InstallShield

2006-10-11 18:56 -------- d-------- C:\Program Files\Eidos Interactive

2006-10-11 18:20 -------- d--h----- C:\Program Files\WindowsUpdate

2006-10-11 17:54 3432 --------- C:\WINDOWS\system32\dmydyhx.exe

2006-10-11 17:54 -------- d-------- C:\Program Files\HP

2006-10-11 17:54 -------- d-------- C:\Program Files\Fichiers communs\HP

2006-10-11 17:54 -------- d-------- C:\Program Files\Corel(2)

2006-10-11 10:06 -------- d-------- C:\Documents and Settings\JANISSON Jo‰l\Application Data\HP

2006-10-11 09:58 -------- d-------- C:\Program Files\Fichiers communs\Hewlett-Packard

2006-10-10 15:01 34816 --------- C:\WINDOWS\system32\ttkonmr.exe

2006-10-08 16:33 62 --ahs---- C:\Documents and Settings\JANISSON Jo‰l\Application Data\desktop.ini

2006-10-08 16:19 34308 --------- C:\WINDOWS\system32\BASSMOD.dll

2006-10-08 15:42 0 -rahs---- C:\MSDOS.SYS

2006-10-08 15:42 0 -rahs---- C:\IO.SYS

2006-10-08 15:42 0 --a------ C:\CONFIG.SYS

2006-10-08 15:42 0 --a------ C:\AUTOEXEC.BAT

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"MediaDico"="C:\\Program Files\\Micro Application\\12 DICOS Indispensables\\LanceMediaDICO12.exe Lancement"

"Trte"="\"C:\\PROGRA~1\\RACLE~1\\dllhost.exe\" -vt yazb"

"Wrnupe"="C:\\WINDOWS\\??stem\\d?dplay.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"Agent"="\"C:\\Program Files\\CyberLink Media Carnival\\PowerVCR II\\Agent.exe\""

"Remote_Agent"="\"C:\\Program Files\\CyberLink Media Carnival\\PowerVCR II\\RemoteAgent.exe\""

"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\

00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\

ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{3A947772-3B29-41DB-A436-4B5CAAECE2F6}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccleaner"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"

"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdcca

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-09 20:14:06.68

C:\ComboFix.txt ... 06-12-09 20:14

C:\ComboFix2.txt ... 06-12-09 20:06

Voici le rapport HijackThis :

Logfile of HijackThis v1.99.1

Scan saved at 20:16:32, on 09/12/2006