
PC problem: it is slow and shuts down by itself! Help !!!!!

26 June 2009 09:42:08

Hello,

For the past month, my computer has been incredibly slow, and AntiVir detects a trojan from time to time, which I delete, but it seems to come back every time.
Could someone help me, please?? I really can't take it anymore.
All the more so since, when I run a full scan, it only detects 3 trojans...

PS: My computer also shuts down by itself, displaying two identical error windows about the Visual C++ library.

Thanks for your help!

27 June 2009 12:48:24

Hello,

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47, on 2009-06-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LaunchAp.exe
C:\Program Files\WButton.exe
C:\Program Files\HotkeyApp.exe
C:\Program Files\OSD.exe
C:\Program Files\OSDCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Wbutton.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\OSDCtrl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSN...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2080A61E-4995-465A-9FA0-D720177313E5}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EAA5194-FE8D-4B05-A5B6-4849A8756B4B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2080A61E-4995-465A-9FA0-D720177313E5}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS4\Services\Tcpip\..\{2080A61E-4995-465A-9FA0-D720177313E5}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\WisLMSvc.exe

--
End of file - 12109 bytes
27 June 2009 13:10:26

Bump? ...

My processor is still running at 100%, and Firefox is incredibly slow to start and to open pages; programs also take 3 hours to launch!
27 June 2009 14:59:53

Hello TrampSound Record,

your machine is infected...

Disable User Account Control (UAC; you will re-enable it after the disinfection):

- Go to Start > Control Panel
- Double-click the User Accounts icon
- Then click disable and confirm

1) Download:
CCleaner - Slim: http://www.ccleaner.com/download/builds.aspx
Launch it, then click Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours. Leave it with its default settings and close the program for now.
Tutorial: http://www.pcastuces.com/pratique/securite/nettoyer_win...

Malwarebytes' Anti-Malware: HERE
Launch it and, once the executable has been downloaded, double-click mbam-setup.exe; the installation starts. Let the wizard guide you: choice of language, acceptance of the licence, default folder... Remember to tick the Create a desktop icon box. You are now at the end of the installation; close the program for now.

2) Launch CCleaner:
In the Cleaner menu, click Analyze (let it work; this can take a long time the first time).
Then click the Run Cleaner button.
Do this several times and close CCleaner.

3) Launch Malwarebytes' Anti-Malware:
Tutorial: http://forum.pcastuces.com/malwarebytes_anti_malware___...

4) Post the Malwarebytes' Anti-Malware report.

See you
28 June 2009 14:36:40

First of all, thank you very much for your help!

So, I ran a quick scan with Malwarebytes'. Here is the report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1

2009-06-28 14:33:43
mbam-log-2009-06-28 (14-33-35).txt

Type de recherche: Examen rapide
Eléments examinés: 63536
Temps écoulé: 20 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Dossier(s) infecté(s):
C:\Users\Fabien&Matou Parfois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> No action taken.
28 June 2009 19:18:57

Hello TrampSound Record,

the Malwarebytes' Anti-Malware report says No action taken.

Redo the procedure with it and delete everything it finds...

See you
28 June 2009 20:06:55

I ran a full scan again and deleted everything. Here is the report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1

2009-06-28 20:00:41
mbam-log-2009-06-28 (20-00-37).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 305865
Temps écoulé: 5 hour(s), 0 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Dossier(s) infecté(s):
C:\Users\Fabien&Matou Parfois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Sony\Sound Forge 9.0\Keygen.exe (Backdoor.SDBot) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> No action taken.
28 June 2009 20:08:27

Ah, I posted the report from before the deletion. Here is the report after I deleted everything:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1

2009-06-28 20:01:08
mbam-log-2009-06-28 (20-01-08).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 305865
Temps écoulé: 5 hour(s), 0 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2080a61e-4995-465a-9fa0-d720177313e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{5eaa5194-fe8d-4b05-a5b6-4849a8756b4b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\Fabien&Matou Parfois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Sony\Sound Forge 9.0\Keygen.exe (Backdoor.SDBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
28 June 2009 22:15:39

Hi again,
Here is the ComboFix report:

ComboFix 09-06-26.02 - Fabien&Matou Parfois 2009-06-28 21:53.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.2038.1149 [GMT 2:00]
Lancé depuis: c:\users\Fabien&Matou Parfois\Downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Exécution préalable -------
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-28 ))))))))))))))))))))))))))))))))))))
.

2009-06-28 19:59 . 2009-06-28 20:02 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Local\temp
2009-06-28 19:11 . 2009-06-28 19:12 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-28 12:00 . 2009-06-28 12:00 2967799 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-28 12:00 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 11:59 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 11:59 . 2009-06-28 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 11:52 . 2009-06-28 11:52 -------- d-----w- c:\program files\CCleaner
2009-06-27 10:42 . 2009-06-27 10:42 -------- d-----w- c:\program files\Trend Micro
2009-06-26 08:21 . 2009-06-26 08:22 -------- d-----w- C:\ToolBar SD
2009-06-26 07:33 . 2009-06-26 08:29 -------- d-----w- C:\Lop SD
2009-06-25 12:49 . 2008-07-07 18:21 147456 ----a-w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\components\ChickenSleep-FF2-win.dll
2009-06-25 12:49 . 2008-04-30 13:53 147456 ----a-w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\components\ChickenSleep.dll
2009-06-22 19:02 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-22 19:00 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-22 18:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-22 16:34 . 2008-03-03 13:05 54672 ----a-w- c:\windows\system32\vsutil_loc040c.dll
2009-06-22 16:34 . 2008-03-03 13:04 71144 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-22 16:34 . 2008-03-03 13:04 83432 ----a-w- c:\windows\system32\zlcomm.dll
2009-06-22 16:34 . 2008-03-03 13:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-06-22 16:34 . 2009-06-22 16:34 -------- d-----w- c:\program files\Zone Labs
2009-06-22 16:34 . 2009-06-22 16:34 -------- d-----w- c:\programdata\CheckPoint
2009-06-22 16:31 . 2009-06-22 16:34 -------- d-----w- c:\windows\system32\ZoneLabs
2009-06-22 16:31 . 2008-03-03 13:06 279440 ------w- c:\windows\system32\drivers\vsdatant.sys
2009-06-22 15:06 . 2009-06-22 15:06 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Malwarebytes
2009-06-22 15:06 . 2009-06-22 15:06 -------- d-----w- c:\programdata\Malwarebytes
2009-06-18 10:13 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-18 10:13 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-18 10:13 . 2009-06-18 10:13 -------- d-----w- c:\programdata\Avira
2009-06-18 10:13 . 2009-06-18 10:13 -------- d-----w- c:\program files\Avira
2009-06-18 09:24 . 2009-06-18 09:24 -------- d-----w- c:\programdata\InstallShield
2009-06-18 08:40 . 2009-06-18 08:40 -------- d-----w- c:\users\Fabien&Matou Parfois\{dfe4e2c2-4921-4884-9fb8-04c4b276ed72}
2009-06-18 08:40 . 2006-08-16 08:23 21888 ----a-w- c:\windows\system32\drivers\MA_CMIDI.SYS
2009-06-18 08:40 . 2006-08-16 08:23 86016 ----a-w- c:\windows\system32\MA_CMIDN.DLL
2009-06-18 08:40 . 2009-06-18 09:23 -------- d-----w- c:\program files\M-Audio
2009-06-18 08:40 . 2006-08-16 08:24 82944 ----a-w- c:\windows\system32\USBMN1X1.DLL
2009-06-18 08:40 . 2006-08-16 08:24 22208 ----a-w- c:\windows\system32\drivers\USBMN1X1.SYS
2009-06-18 08:40 . 2006-08-16 08:24 13504 ----a-w- c:\windows\system32\drivers\USB11LDR.SYS
2009-06-17 17:18 . 2009-06-17 17:18 -------- d-----w- c:\program files\iPod
2009-06-17 17:18 . 2009-06-17 17:19 -------- d-----w- c:\program files\iTunes
2009-06-16 12:08 . 2009-06-28 11:52 -------- d-----w- c:\program files\Panda Security
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 17:01 . 2009-06-04 17:01 -------- d-----w- C:\LogiShrd
2009-06-03 11:43 . 2005-05-09 18:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-06-03 11:23 . 2009-06-03 11:23 -------- d-----w- c:\program files\7-Zip
2009-06-02 22:36 . 2009-06-02 22:36 -------- d-----w- c:\program files\Ableton
2009-06-02 15:47 . 2009-06-02 15:47 -------- d-----w- c:\program files\Lame for Audacity
2009-06-02 15:44 . 2009-06-02 15:44 -------- d-----w- c:\program files\Audacity
2009-06-02 14:50 . 2009-06-02 14:50 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-06-02 14:50 . 2009-06-02 14:50 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-02 14:50 . 2009-06-02 14:50 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-02 14:47 . 2009-06-02 14:47 -------- d-----w- c:\program files\Common Files\KORG
2009-06-02 14:47 . 2009-06-02 14:47 -------- d-----w- c:\program files\KORG
2009-06-02 14:45 . 2009-06-02 14:45 2892 ----a-w- c:\windows\system32\audcon.sys
2009-06-02 14:45 . 2009-06-02 14:45 -------- d-----w- c:\programdata\Syncrosoft
2009-06-02 14:44 . 2007-10-24 08:47 23288 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-06-02 14:44 . 2002-11-25 06:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2009-06-02 14:43 . 2006-01-29 09:48 147456 ------w- c:\windows\system32\SynsoLChk.dll
2009-06-02 14:43 . 2008-09-26 14:48 765952 ------w- c:\windows\system32\SYNSOACC.dll
2009-06-02 14:43 . 2009-06-03 12:07 -------- d-----w- c:\program files\Syncrosoft
2009-06-02 14:41 . 2006-09-20 13:13 163840 ----a-w- c:\windows\system32\ArtFfct.dll
2009-06-02 14:41 . 2009-06-02 14:41 -------- d-----w- c:\programdata\Arturia
2009-06-02 14:41 . 2009-06-02 14:41 -------- d-----w- c:\program files\Arturia
2009-06-02 11:51 . 2009-06-02 11:51 -------- dc-h--w- c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
2009-06-02 11:51 . 2009-02-17 12:10 3017256 -c--a-w- c:\programdata\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}\Guitar Rig 3 Setup.exe
2009-06-02 11:49 . 2009-06-02 11:49 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
2009-06-02 11:49 . 2009-01-15 11:39 2932576 -c--a-w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}\Service Center Setup.exe
2009-06-02 11:49 . 2009-06-02 11:50 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-06-02 11:49 . 2009-06-02 11:50 -------- d-----w- c:\program files\Native Instruments
2009-05-30 07:27 . 2009-05-30 07:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-05-30 07:26 . 2009-05-30 07:27 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-30 07:26 . 2009-05-30 07:27 -------- d-----w- c:\program files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:00 . 2009-06-22 16:31 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-06-28 18:27 . 2009-06-28 18:28 1368064 ----a-w- c:\windows\Internet Logs\xDBB75C.tmp
2009-06-28 12:04 . 2008-09-24 12:46 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Azureus
2009-06-26 18:09 . 2009-06-26 19:53 1353728 ----a-w- c:\windows\Internet Logs\xDB6DD0.tmp
2009-06-26 18:08 . 2009-06-26 19:53 29696 ----a-w- c:\windows\Internet Logs\xDB6D62.tmp
2009-06-26 16:39 . 2008-09-23 20:48 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\LimeWire
2009-06-26 15:42 . 2009-06-26 16:17 184320 ----a-w- c:\windows\Internet Logs\xDB8229.tmp
2009-06-24 22:17 . 2008-11-26 19:04 1356 ----a-w- c:\users\Fabien&Matou Parfois\AppData\Local\d3d9caps.dat
2009-06-23 10:37 . 2009-06-23 11:18 109056 ----a-w- c:\windows\Internet Logs\xDBE0BD.tmp
2009-06-23 09:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-23 09:04 . 2008-12-17 10:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-22 23:32 . 2008-05-26 04:19 -------- d-----w- c:\program files\Microsoft Works
2009-06-22 23:31 . 2008-05-26 04:16 -------- d-----w- c:\programdata\Microsoft Help
2009-06-22 23:20 . 2008-01-21 07:23 679418 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-22 23:20 . 2008-01-21 07:23 128418 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-18 09:23 . 2008-09-15 10:13 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 09:23 . 2008-05-26 04:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 08:55 . 2009-05-10 19:21 -------- d-----w- c:\program files\MySpace
2009-06-17 17:18 . 2008-11-17 13:38 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 17:17 . 2008-09-28 13:27 -------- d-----w- c:\program files\QuickTime
2009-06-17 17:14 . 2008-11-17 13:35 -------- d-----w- c:\programdata\Apple
2009-06-03 12:01 . 2009-01-27 20:44 -------- d-----w- c:\program files\VstPlugins
2009-06-03 11:41 . 2009-03-20 12:41 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Steinberg
2009-06-03 11:37 . 2009-03-20 12:33 -------- d-----w- c:\program files\Steinberg
2009-06-02 22:47 . 2009-03-12 12:00 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Ableton
2009-05-30 07:35 . 2009-03-13 10:08 -------- d-----w- c:\programdata\Propellerhead Software
2009-05-30 07:35 . 2009-03-13 10:08 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Propellerhead Software
2009-05-30 07:34 . 2009-03-13 10:05 -------- d-----w- c:\program files\Propellerhead
2009-05-30 07:34 . 2009-05-29 14:11 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\DAEMON Tools Lite
2009-05-29 14:12 . 2009-05-29 14:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 13:53 . 2009-05-29 13:52 -------- d-----w- c:\program files\MagicISO
2009-05-26 08:35 . 2008-09-24 12:44 -------- d-----w- c:\program files\Vuze
2009-05-26 07:45 . 2009-05-26 07:45 -------- d-----w- c:\program files\Common Files\Digidesign
2009-05-26 07:45 . 2009-05-26 07:45 -------- d-----w- c:\program files\Cakewalk
2009-05-24 19:14 . 2009-02-01 13:05 88 --sh--r- c:\windows\system32\5D8BD16552.sys
2009-05-24 19:14 . 2009-02-01 12:45 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-24 00:08 . 2009-03-19 10:58 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\dvdcss
2009-05-10 19:22 . 2009-05-10 19:22 -------- d-----w- c:\users\Fabien&Matou Parfois\AppData\Roaming\MySpace
2009-05-10 19:21 . 2009-05-10 19:21 7047792 ----a-w- c:\users\Fabien&Matou Parfois\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-fr-A.exe
2009-04-24 16:05 . 2009-06-22 18:58 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-22 18:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-22 18:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 13:15 . 2009-04-23 13:15 1134024 ----a-w- c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-04-23 12:42 . 2009-06-22 19:01 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:03 . 2009-04-21 12:03 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-04-21 11:55 . 2009-06-22 19:01 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-14 08:40 . 2009-02-24 17:11 81984 ----a-w- c:\windows\system32\bdod.bin
2009-04-08 08:58 . 2009-04-08 08:58 0 ----a-w- c:\windows\nsreg.dat
2009-04-07 20:44 . 2009-01-15 19:26 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-04-07 20:44 . 2009-01-15 19:26 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-04-07 20:43 . 2009-01-15 19:24 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2007-07-26 12:56 . 2009-04-28 16:13 192512 ----a-w- c:\program files\HotkeyApp.exe
2007-04-26 11:29 . 2009-04-28 16:13 212992 ----a-w- c:\program files\WisWBSet.exe
2007-03-15 15:30 . 2009-04-28 16:13 32768 ----a-w- c:\program files\KBHook.dll
2007-03-15 12:55 . 2009-04-28 16:13 13866 ----a-w- c:\program files\hotkey.html
2007-02-06 14:50 . 2009-04-28 16:13 385024 ----a-w- c:\program files\Fn.exe
2006-12-26 09:23 . 2009-04-28 16:13 180224 ----a-w- c:\program files\OSD.exe
2006-12-11 14:51 . 2009-04-28 16:13 253952 ----a-w- c:\program files\SWATiDev.exe
2006-11-17 18:45 . 2009-04-28 16:13 118784 ----a-w- c:\program files\WisLMSvc.exe
2006-11-09 12:37 . 2009-04-28 16:13 86016 ----a-w- c:\program files\WButton.exe
2006-10-27 22:09 . 2009-04-28 16:13 94208 ----a-w- c:\program files\WisSvcCtrl.exe
2006-08-29 07:26 . 2009-04-28 16:13 241664 ----a-w- c:\program files\OSDCtrl.exe
2005-07-25 11:36 . 2009-04-28 16:13 32768 ----a-w- c:\program files\LaunchAp.exe
2005-05-03 12:22 . 2009-04-28 16:13 28672 ----a-w- c:\program files\FanSysTray.exe
2004-02-04 12:41 . 2009-04-28 16:13 24576 ----a-w- c:\program files\swreso.exe
2003-01-09 09:38 . 2009-04-28 16:13 1288 ----a-w- c:\program files\str_fr.txt
2002-11-15 09:06 . 2009-04-28 16:13 24576 ----a-w- c:\program files\swtv.exe
2002-01-02 12:34 . 2009-04-28 16:13 2863 ----a-w- c:\program files\langid
2008-09-29 07:07 . 2009-02-18 17:08 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_19.38.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2009-06-28 19:51 67390 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-15 10:47 . 2009-06-28 19:51 15180 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3663855210-1606263794-1537935665-1000_UserData.bin
+ 2008-09-15 09:10 . 2009-06-28 20:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-15 09:10 . 2009-06-28 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-15 09:10 . 2009-06-28 20:00 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-15 09:10 . 2009-06-28 19:34 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-15 09:10 . 2009-06-28 20:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-15 09:10 . 2009-06-28 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-28 19:34 . 2009-06-28 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-28 20:00 . 2009-06-28 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-28 20:00 . 2009-06-28 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-28 19:34 . 2009-06-28 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 136600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-13 185872]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
"LaunchAp"="c:\program files\LaunchAp.exe" [2005-07-25 32768]
"Wbutton"="c:\program files\Wbutton.exe" [2006-11-09 86016]
"HotkeyApp"="c:\program files\HotkeyApp.exe" [2007-07-26 192512]
"LMgrVolOSD"="c:\program files\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\OSDCtrl.exe" [2006-08-29 241664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{223C407C-65CF-4EB4-8A53-8D1109F10D9A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{50869C8B-BA81-4813-85AA-5DFF0E394013}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DE201AE5-C1B2-4770-8B9E-1E915458C397}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{FDD1AF8C-ECAE-414C-B7D7-807CCBC8B282}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{8CC446B9-731A-4315-AC85-CB0F9A97AEFC}c:\\program files\\freemultipostetv\\freemultipostetv.exe"= UDP:c:\program files\freemultipostetv\freemultipostetv.exe:FreeMultiPosteTV
"UDP Query User{9442047F-905F-489A-8923-144C531B0278}c:\\program files\\freemultipostetv\\freemultipostetv.exe"= TCP:c:\program files\freemultipostetv\freemultipostetv.exe:FreeMultiPosteTV
"TCP Query User{B3B06B81-885E-46E3-A201-490A6C6197DC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7F95FD56-A976-4B6F-BB7D-01D81D9D59E1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{29081728-C2CC-4477-A3FA-A0E06559C597}c:\\program files\\steam\\steamapps\\libertinage_and_co\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\libertinage_and_co\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7A84A991-A6E1-4FF2-A344-4DA644244DA4}c:\\program files\\steam\\steamapps\\libertinage_and_co\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\libertinage_and_co\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{7AFCA132-E434-4E91-BF92-B5837C73FFA4}c:\\users\\fabien&matou parfois\\downloads\\openliero\\openliero_beta\\openlierox.exe"= UDP:c:\users\fabien&matou parfois\downloads\openliero\openliero_beta\openlierox.exe:o penlierox.exe
"UDP Query User{CACCE03D-B03D-4929-BE9B-EEEE416A11B9}c:\\users\\fabien&matou parfois\\downloads\\openliero\\openliero_beta\\openlierox.exe"= TCP:c:\users\fabien&matou parfois\downloads\openliero\openliero_beta\openlierox.exe:o penlierox.exe
"TCP Query User{34EC7FB0-BDC2-419D-9F08-35B86FA09CF2}c:\\users\\fabien&matou parfois\\desktop\\merdasssssssssssses!\\trywow.exe"= UDP:c:\users\fabien&matou parfois\desktop\merdasssssssssssses!\trywow.exe:trywow.exe
"UDP Query User{56F8671F-3A3B-4FA9-A2C3-DF3A83C46599}c:\\users\\fabien&matou parfois\\desktop\\merdasssssssssssses!\\trywow.exe"= TCP:c:\users\fabien&matou parfois\desktop\merdasssssssssssses!\trywow.exe:trywow.exe
"{AAAF8777-6EDC-47D1-81D1-F6DC3A8142CA}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:Blizzard Downloader
"{48AFB9E8-9C0C-44FC-996F-2E51713D8949}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:Blizzard Downloader
"{951A6279-782D-4B5F-9C8F-8DA2F3A922C8}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{620C9A97-6BE1-4B25-86CC-AF57F8147253}c:\\users\\fabien&matou parfois\\downloads\\openliero\\openliero_beta\\openlierox.exe"= UDP:c:\users\fabien&matou parfois\downloads\openliero\openliero_beta\openlierox.exe:o penlierox.exe
"UDP Query User{2AC7C829-11E2-425D-AB21-FAE306E4810C}c:\\users\\fabien&matou parfois\\downloads\\openliero\\openliero_beta\\openlierox.exe"= TCP:c:\users\fabien&matou parfois\downloads\openliero\openliero_beta\openlierox.exe:o penlierox.exe
"TCP Query User{1C4089C1-7E15-4A67-93BF-DA0102F9328F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7BB5F2E6-BDB7-407A-BFB6-A7B349DCD056}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{EB83E792-7C4D-4FC3-97AC-CB8F2240F3AA}c:\\program files\\autodesk\\maya2009\\bin\\maya.exe"= UDP:c:\program files\autodesk\maya2009\bin\maya.exe:Maya
"UDP Query User{1016E65D-A8CD-498B-908A-53FF95F1A5C1}c:\\program files\\autodesk\\maya2009\\bin\\maya.exe"= TCP:c:\program files\autodesk\maya2009\bin\maya.exe:Maya
"TCP Query User{655DA98D-6EFC-4E25-B3BC-A9A9256CCE60}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{DD48930D-6644-48DF-9F1F-DE1015BF65F9}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{74E78C14-0B03-4E6B-BA38-FA17AAF9FFEC}c:\\users\\fabien&matou parfois\\downloads\\dames.exe"= UDP:c:\users\fabien&matou parfois\downloads\dames.exe:D ames.exe
"UDP Query User{BCE4B1CE-57B3-4798-877A-4A74A4E44AF5}c:\\users\\fabien&matou parfois\\downloads\\dames.exe"= TCP:c:\users\fabien&matou parfois\downloads\dames.exe:D ames.exe
"{E2FC601D-7759-45A7-9C8A-8C319C38E974}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{AAC296AC-055F-48B0-9136-1FB5B32A7D5F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8074FBC4-99F8-4F6F-9D66-5FA0F0C0A38F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7B792CBC-442D-490A-84B0-A1B4CE66C448}d:\\program files\\adobe\\adobe after effects cs3\\support files\\afterfx.exe"= UDP:D :\program files\adobe\adobe after effects cs3\support files\afterfx.exe:Adobe After Effects CS3
"UDP Query User{B582BCB3-88C5-4228-A76C-CC455B5DE348}d:\\program files\\adobe\\adobe after effects cs3\\support files\\afterfx.exe"= TCP:D :\program files\adobe\adobe after effects cs3\support files\afterfx.exe:Adobe After Effects CS3
"{3F492429-6E2F-4284-93EE-CAA9A72EE80E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{03702A8F-4313-48DF-9933-DE8DBC7B9E58}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A22A7857-02D1-4373-86FC-22E41655483F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E0CEC4D2-070D-4BBA-8A3E-FA575EEA4D12}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{D12DAB83-72AA-4C04-B4C0-CF49939379D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0F112630-3586-43A2-A89F-A1ED26DF637B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{D44A2BEA-2CC0-4C6E-B46D-23351DB7FFC5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{A15ECA86-BF49-4036-B4AA-1F2662CAD44A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4E0E4177-A1F0-4A98-8947-10085721B4EE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1F2E67BC-6C5F-426D-9FB1-E9D515007D24}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E4E728DA-5A55-49E5-A189-392031F7CC09}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{DC71D887-28AB-4A23-A0F2-E15AA7CEA5AA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{25B9FB65-2AF2-4AC6-8369-671E88BF27AE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{927D2DFB-3015-4CAE-82FF-4570E909BE25}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{0AB6E973-2944-4918-A606-514990E43F64}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{496F1A23-15E1-44D1-8695-F62C9855184E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{AFCB9F8A-1680-421B-8BB8-562CA9CEA96F}c:\\program files\\webtarot\\webtarot.exe"= UDP:c:\program files\webtarot\webtarot.exe:jeu de tarot
"UDP Query User{D36F2BD8-5A55-4E4D-AFE2-E583E80A4F0D}c:\\program files\\webtarot\\webtarot.exe"= TCP:c:\program files\webtarot\webtarot.exe:jeu de tarot
"{297734E4-6822-4749-872B-267096075755}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{81B663A7-C8FC-4B4B-B74A-8451830C3FCC}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{18D50174-E934-41C9-8B5B-90B2B05FAFD7}c:\\program files\\edonkey2000\\edonkey2000.exe"= UDP:c:\program files\edonkey2000\edonkey2000.exe:edonkey2000
"UDP Query User{55E53184-C0BD-421C-BA4B-E8D436F843A9}c:\\program files\\edonkey2000\\edonkey2000.exe"= TCP:c:\program files\edonkey2000\edonkey2000.exe:edonkey2000
"TCP Query User{71281C05-E68F-4820-B343-268F9F0FC8B0}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"UDP Query User{F9355C34-7A0B-4E7D-8FA6-082F2D8AF16F}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"{EB90A7FC-5807-4AD8-87D0-0996D5495792}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FD09659F-69B8-4E8E-91E4-98C23B83E9D9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2EED16F4-2C7B-4A06-80F7-DCB7CE8240ED}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8AC9E23C-4A7E-4BE4-9FC7-8AE70C35C6ED}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{823536CD-1C8C-4A3D-A431-4DADD8A60D82}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{13D60AB1-0C0D-439A-8652-D27087679A95}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D3A1CD94-BB77-44E7-92A0-3FEABDEAC952}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-18 108289]
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [2009-06-03 33792]
R3 WisLMSvc;WisLMSvc;c:\program files\WisLMSvc.exe [2009-04-28 118784]
S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [2009-06-02 23288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.Fr
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\components\ChickenSleep-FF2-win.dll
FF - component: c:\users\Fabien&Matou Parfois\AppData\Roaming\Mozilla\Firefox\Profiles\6z3p6utc.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\components\ChickenSleep.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:02
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?W???????W??6W??X&w?????6W?????0???$???????d???4? w*? ???????&wR?&w??????W???W???????F?4???o??u??W?????x?W?t???+?A???W?????J?A???"?????|?????F?$l@?H???????????? A?9?r?????J?A?[?@???W??v@???W???"???@???W????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(9936)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Heure de fin: 2009-06-28 22:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-28 20:11

Avant-CF: 4,364,201,984 octets libres
Après-CF: 4,328,132,608 octets libres

387 --- E O F --- 2009-06-28 10:21

29 June 2009 13:17:56

Hello TrampSound Record,

do you have a private, family and professional life?

* Download ToolBar-S&D (thanks to Team Idn): http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Double-click ToolBar-SD to start the installation; a shortcut will be added to the Desktop
* Double-click it to start the tool and choose the language.
* Type 1 then press the [Enter] key to start the search.
* Wait until it finishes; the report will open in Notepad
* Post the report (also located at C:\TB.txt).

See you
3 July 2009 18:25:51

Hey frederix.
Sorry, but I was away for a few days.
So I have a problem, ToolBar-SD doesn't work! When I want to run a search, I set the language and type search. It starts normally, but an error message appears every time: the QGREP utility has stopped working ...
What can I do?

Thanks ^^
3 July 2009 18:34:53

Oh, and I didn't mention: the error message comes up every two minutes, as soon as the program moves to another folder to scan, so I have to press again each time. So there you go, it's a bit annoying...
3 July 2009 20:17:00

TrampSound Record said:
> Oh, and I didn't mention: the error message comes up every two minutes, as soon as the program moves to another folder to scan, so I have to press again each time. So there you go, it's a bit annoying...


> Disable User Account Control (UAC; you will re-enable it after the disinfection):

- Go to Start > Control Panel
- Double-click the User Accounts icon
- Then click on disable and confirm


And do the ToolBar S&D procedure...
3 July 2009 21:29:01

I just checked, it is already disabled (under Vista I go to User Accounts, then Turn User Account Control on or off, and there the box is unchecked). So normally it's fine. But there is still the same error when I launch ToolBar SD.
I tried in safe mode, same thing ...
4 July 2009 00:07:26

Good evening TrampSound Record,

is your Vista a 64-bit one?

See you

Edit: Download SmitfraudFix (thanks to S!Ri): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Install it at the root of C
* Double-click the exe to unpack it and launch it
Usage - option 1 - Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection
* Post it

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus...) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands it could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
4 July 2009 11:49:16

Hi frederix,

Uh, no idea about Vista ... it's Vista Home Basic edition Service Pack 1. Below that it says 32-bit operating system.
I'll run the scan and post it for you ;)
4 July 2009 12:20:10

Here is the report!

SmitFraudFix v2.423

Scan done at 11:57:26.25, 2009-07-04
Run from C:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LaunchAp.exe
C:\Program Files\WButton.exe
C:\Program Files\HotkeyApp.exe
C:\Program Files\OSD.exe
C:\Program Files\OSDCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\WisLMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles




»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\FABIEN~1\AppData\Local\Temp




»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\FABIEN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5EAA5194-FE8D-4B05-A5B6-4849A8756B4B}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5EAA5194-FE8D-4B05-A5B6-4849A8756B4B}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

4 July 2009 19:28:41

Hello TrampSound Record,

double-click smitfraudfix.cmd

* Select 2 to delete the files responsible for the infection.
When asked "Voulez-vous nettoyer le registre?" (Do you want to clean the registry?), answer O (Oui, i.e. Yes) to unlock the desktop wallpaper and delete the infection's autostart keys. The fix will determine whether the wininet.dll file is infected.
When asked "Corriger le fichier infecté?" (Fix the infected file?), answer O (Oui, i.e. Yes) to replace the corrupted file.
* Restart in normal mode and post the report.

Note: this step removes the infected files detected by option 1. Warning: it removes the desktop wallpaper!

See you
5 July 2009 13:42:52

I don't have a smithfraud.cmd, only an .exe ..
5 July 2009 13:54:28

SmitFraudFix v2.423

Rapport fait à 13:50:54.42, 2009-07-05
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5007EG Wireless Network Adapter
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5EAA5194-FE8D-4B05-A5B6-4849A8756B4B}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5EAA5194-FE8D-4B05-A5B6-4849A8756B4B}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

6 July 2009 01:40:13

Good evening TrampSound Record,

how is your PC?

Post a new HijackThis report...

See you