Your question

Computer only works in safe mode, otherwise black screen

Tags:
  • Security
Last reply: in Security and viruses
5 May 2009 16:04:20

Hello,

For 3 days I have had a problem with my computer (Sony Vaio laptop): it only works in safe mode (with networking).
In normal mode the desktop is black with my mouse pointer in the middle and nothing happens.
At first I could get to my desktop, but all my programs froze and would not open.

I ran several online scans with Symantec... which found no viruses.

I don't know whether it is a virus or something else. If anyone has an idea...

Thanks

5 May 2009 16:29:38

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

    5 May 2009 19:13:20

    info.txt logfile of random's system information tool 1.06 2009-05-05 19:08:03

    ======Uninstall list======


    ======Security center information======

    AS: Windows Defender (disabled)

    ======System event log======

    Computer Name: matth
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1068" lors de la mise en route du service fdPHost avec les arguments "" pour démarrer le serveur :
    {145B4335-FE2A-4927-A040-7C35AD3180EF}
    Record Number: 119698
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090505133535.000000-000
    Event Type: Erreur
    User:

    Computer Name: matth
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur :
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    Record Number: 119700
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090505133537.000000-000
    Event Type: Erreur
    User:

    Computer Name: matth
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur :
    {9E175B6D-F52A-11D8-B9A5-505054503030}
    Record Number: 119701
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090505133540.000000-000
    Event Type: Erreur
    User:

    Computer Name: matth
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1068" lors de la mise en route du service BITS avec les arguments "" pour démarrer le serveur :
    {4991D34B-80A1-4291-83B6-3328366B9097}
    Record Number: 119702
    Source Name: Microso
    5 May 2009 19:13:48

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Matthieu at 2009-05-05 19:12:15
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 11 GB (11%) free of 98 GB
    Total RAM: 2038 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:12:16, on 5/05/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\helppane.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\Matthieu\Downloads\RSIT.exe
    C:\Program Files\trend micro\Matthieu.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10391 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-11-07 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-07 1006264]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-20 141848]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-20 154136]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-20 137752]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-25 4669440]
    "Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
    "ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-09-19 311296]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
    "MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2007-11-07 36864]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-06 198160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
    "NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2007-09-20 253952]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

    C:\Users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2007-09-20 200704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
    C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\River Past\Cam Do\CamDo.exe"="C:\Program Files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}]
    shell\Auto\command - wscript "esta ig.vbs"
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"


    ======List of files/folders created in the last 1 months======

    2009-05-05 19:07:37 ----D---- C:\Program Files\trend micro
    2009-05-05 19:07:36 ----D---- C:\rsit
    2009-05-05 10:53:43 ----D---- C:\UsbFix
    2009-05-05 10:47:13 ----A---- C:\TB.txt
    2009-05-05 10:46:33 ----D---- C:\ToolBar SD
    2009-05-05 10:43:17 ----SHD---- C:\$RECYCLE.BIN
    2009-05-04 12:47:49 ----D---- C:\Users\Matthieu\AppData\Roaming\Malwarebytes
    2009-05-04 12:47:44 ----D---- C:\ProgramData\Malwarebytes
    2009-05-04 12:47:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-03 20:07:33 ----D---- C:\Windows\system32\Kaspersky Lab
    2009-05-03 18:08:16 ----D---- C:\Windows\Registration
    2009-05-03 18:08:01 ----A---- C:\Windows\ntbtlog.txt
    2009-04-17 00:25:37 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-17 00:25:34 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-17 00:25:34 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-17 00:25:23 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-17 00:25:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-17 00:25:20 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-17 00:25:20 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-17 00:25:19 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-17 00:25:19 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-17 00:25:19 ----A---- C:\Windows\system32\iasads.dll
    2009-04-17 00:25:12 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-17 00:25:12 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-17 00:25:11 ----A---- C:\Windows\system32\secur32.dll
    2009-04-17 00:25:11 ----A---- C:\Windows\system32\lsass.exe
    2009-04-17 00:25:11 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-17 00:25:11 ----A---- C:\Windows\system32\amxread.dll
    2009-04-17 00:25:02 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-17 00:24:59 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-17 00:24:58 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-17 00:24:58 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-17 00:24:58 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-17 00:24:58 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-04-17 00:24:57 ----A---- C:\Windows\system32\wininet.dll
    2009-04-17 00:24:57 ----A---- C:\Windows\system32\occache.dll
    2009-04-17 00:24:57 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-17 00:24:57 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-17 00:24:57 ----A---- C:\Windows\system32\dxtrans.dll
    2009-04-17 00:24:56 ----A---- C:\Windows\system32\mshtmled.dll
    2009-04-17 00:24:56 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-17 00:24:56 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-17 00:24:56 ----A---- C:\Windows\system32\admparse.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\mstime.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\ieui.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\iesetup.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\iernonce.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\icardie.dll
    2009-04-17 00:24:55 ----A---- C:\Windows\system32\advpack.dll
    2009-04-17 00:24:54 ----A---- C:\Windows\system32\pngfilt.dll
    2009-04-17 00:24:54 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-17 00:24:54 ----A---- C:\Windows\system32\ieakui.dll
    2009-04-17 00:24:53 ----A---- C:\Windows\system32\mshtmler.dll
    2009-04-17 00:24:52 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-04-10 12:31:58 ----D---- C:\Program Files\Securitoo
    2009-04-10 12:29:04 ----D---- C:\Program Files\Common Files\France Telecom

    ======List of files/folders modified in the last 1 months======

    2009-05-05 19:07:37 ----RD---- C:\Program Files
    2009-05-05 19:06:57 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-05 16:00:17 ----D---- C:\Windows\Temp
    2009-05-05 13:42:43 ----D---- C:\Windows\System32
    2009-05-05 13:42:42 ----D---- C:\Windows\inf
    2009-05-05 13:42:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-04 12:47:47 ----D---- C:\Windows\system32\drivers
    2009-05-04 12:47:44 ----HD---- C:\ProgramData
    2009-05-04 12:03:31 ----D---- C:\Windows\Prefetch
    2009-05-04 12:02:42 ----D---- C:\Windows\system32\LogFiles
    2009-05-03 20:07:34 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-03 18:08:42 ----D---- C:\Windows\system32\wbem
    2009-05-03 18:08:16 ----D---- C:\Windows
    2009-05-03 18:04:48 ----D---- C:\Windows\system32\config
    2009-05-03 18:04:38 ----D---- C:\Windows\Tasks
    2009-05-03 18:04:38 ----D---- C:\Windows\system32\spool
    2009-05-03 18:04:38 ----D---- C:\Windows\system32\catroot2
    2009-05-03 18:02:25 ----SHD---- C:\System Volume Information
    2009-04-30 09:53:26 ----SHD---- C:\Windows\Installer
    2009-04-27 14:46:33 ----D---- C:\Users\Matthieu\AppData\Roaming\Skype
    2009-04-27 12:26:43 ----D---- C:\Users\Matthieu\AppData\Roaming\skypePM
    2009-04-23 12:35:40 ----D---- C:\Users\Matthieu\AppData\Roaming\Sony Corporation
    2009-04-17 19:07:37 ----D---- C:\Windows\winsxs
    2009-04-17 19:07:27 ----D---- C:\Windows\system32\catroot
    2009-04-17 19:04:26 ----D---- C:\Program Files\Windows Mail
    2009-04-17 19:04:25 ----D---- C:\Windows\system32\manifeststore
    2009-04-17 19:04:25 ----D---- C:\Windows\AppPatch
    2009-04-17 19:04:24 ----D---- C:\Windows\system32\migration
    2009-04-17 19:04:24 ----D---- C:\Program Files\Internet Explorer
    2009-04-10 12:34:44 ----SD---- C:\Users\Matthieu\AppData\Roaming\Microsoft
    2009-04-10 12:29:04 ----D---- C:\Program Files\Common Files
    2009-04-08 22:08:56 ----D---- C:\Users\Matthieu\AppData\Roaming\dvdcss

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-10-25 776704]
    R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-20 246784]
    S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
    S1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-09-19 10216]
    S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
    S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-09-20 12672]
    S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
    S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-09-20 8192]
    S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-05-29 14208]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-09-20 985600]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-09-20 207360]
    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-20 1776128]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-25 1841312]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 P0630VID;Creative WebCam Live!; C:\Windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    S3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
    S3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-02-13 128104]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-09-20 659968]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
    S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
    S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
    S2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
    S2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
    S2 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
    S2 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    S2 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
    S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
    S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
    S2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-08-28 192512]
    S2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-08-28 131072]
    S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-09-20 386560]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-15 72704]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-07 138168]
    S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
    S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
    S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
    S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

    -----------------EOF-----------------

    a c 295 8 Sécurité
    5 Mai 2009 19:36:12

  • Disable UAC for the duration of the disinfection.

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external storage devices into your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 1 (Recherche, "Search").
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    5 Mai 2009 20:23:38

    OK, so I don't know if this is useful: after disabling UAC, the computer restarted in normal mode and I was able to run UsbFix in normal mode, but connecting to the internet was impossible.

    Here is the report:


    ############################## [ UsbFix V3.016 # Scan ]

    # User : Matthieu (Administrateurs) # MATTH
    # Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 20:15:58 | 5/05/2009

    # Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    # Internet Explorer 7.0.6000.16830
    # Windows Firewall Status : Disabled

    # C:\ # Disque fixe local # 95,28 Go (8,58 Go free) # NTFS
    # D:\ # Disque amovible
    # E:\ # Disque amovible
    # F:\ # Disque CD-ROM
    # G:\ # Disque fixe local # 46,33 Go (15,36 Go free) [DONNEES] # NTFS
    # H:\ # Disque amovible # 1,91 Go (570,89 Mo free) [CLÉ MATTH] # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.google.com"
    HKCU_Main: "Start Page"="http://www.club-vaio.com"
    HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,70,00,\
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
    HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
    HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
    HKLM_Run: RtHDVCpl=RtHDVCpl.exe
    HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
    HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    HKLM_Run: ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    HKLM_Run: MarketingTools=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM_Run: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
    HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
    HKCU_Run: NSUFloatingUI="C:\Program Files\Sony\Network Utility\LANUtil.exe"
    HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! H:\ravmone.exe
    Found ! H:\msvcr71.dll

    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\Shell\Auto\command
    HKCU\Software\Microsoft\....\MountPoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # UsbFix V3.016 ! ]

    a c 295 8 Sécurité
    5 Mai 2009 20:33:14

    The removable disk CLÉ MATTH is infected.

  • Plug your external storage devices into your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 2 (Suppression, "Deletion").
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
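
The items this reply acts on (the files flagged on H:, the AntiVirusOverride value, and the MountPoints2 AutoRun verbs that start a script through wscript) can be extracted from the two posted reports mechanically. The Python below is an added example, not part of the thread or of RSIT/UsbFix; the function names are hypothetical, the sample text is excerpted from the reports above, and reading "NoDriveTypeAutoRun" as a decimal DWORD is an assumption.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Excerpts of the RSIT and UsbFix reports posted in this thread.
RSIT_EXCERPT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}]
shell\Auto\command - wscript "esta ig.vbs"
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
'''

USBFIX_EXCERPT = r'''
################## [ Fichiers # Dossiers infectieux ]

Found ! H:\ravmone.exe
Found ! H:\msvcr71.dll

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VOLUME_RE = re.compile(r'\\mountpoints2\\(\{[0-9a-f-]{36}\})$', re.IGNORECASE)
VERB_RE = re.compile(r'^(shell\\[^\\]+\\command) - (.+)$', re.IGNORECASE)
NODRIVE_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$')
OVERRIDE_RE = re.compile(
    r'Value = (0x[0-9a-fA-F]+) \| Good = (0x[0-9a-fA-F]+) Bad = (0x[0-9a-fA-F]+)')
SCRIPT_HOSTS = {"wscript", "cscript"}
DRIVE_REMOVABLE = 0x04  # removable-drive bit of the NoDriveTypeAutoRun mask


def _program(token):
    """Lower-case program name of a command token, without path or .exe."""
    name = basename(token.strip('"')).lower()
    return name[:-4] if name.endswith(".exe") else name


def parse_rsit(text):
    """Return (MountPoints2 command verbs, NoDriveTypeAutoRun mask or None)."""
    entries, mask, volume = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        key = KEY_RE.match(line)
        if key:  # a new registry key: remember the volume GUID, if any
            vol = VOLUME_RE.search(key.group(1))
            volume = vol.group(1) if vol else None
            continue
        nodrive = NODRIVE_RE.match(line)
        if nodrive:
            mask = int(nodrive.group(1))  # assumption: printed in decimal
            continue
        verb = VERB_RE.match(line)
        if volume and verb:
            tokens = re.findall(r'"[^"]*"|\S+', verb.group(2))
            programs = [_program(t) for t in tokens]
            host = next((p for p in programs if p in SCRIPT_HOSTS), None)
            script = None
            if host and programs.index(host) + 1 < len(tokens):
                script = tokens[programs.index(host) + 1].strip('"')
            entries.append({"volume": volume, "verb": verb.group(1),
                            "script_host": host, "script": script,
                            "via_rundll32": "rundll32" in programs})
    return entries, mask


def parse_usbfix(text):
    """Return (flagged files, flagged registry values, override_is_bad)."""
    files, reg_values, override = [], [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Found ! "):
            item = line[len("Found ! "):]
            is_reg = item.upper().startswith(("HKLM\\", "HKCU\\"))
            (reg_values if is_reg else files).append(item)
        status = OVERRIDE_RE.search(line)
        if status:
            value, _good, bad = (int(x, 16) for x in status.groups())
            override = value == bad
    return files, reg_values, override


def triage(rsit_text, usbfix_text):
    """Summarise what the two reports say about removable-media AutoRun."""
    entries, mask = parse_rsit(rsit_text)
    files, reg_values, override = parse_usbfix(usbfix_text)
    return {
        "script_autoruns": [e for e in entries if e["script_host"]],
        # None when the policy value is absent from the report
        "policy_blocks_removable":
            None if mask is None else bool(mask & DRIVE_REMOVABLE),
        "flagged_files": files,
        "flagged_registry": reg_values,
        "av_override_set": override,
    }


if __name__ == "__main__":
    for name, value in triage(RSIT_EXCERPT, USBFIX_EXCERPT).items():
        print(name, "=", value)
```

On this thread's data it reports two script-host AutoRun verbs for the same volume GUID, and a NoDriveTypeAutoRun mask (145 = 0x91) whose removable-drive bit is clear.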
    5 Mai 2009 21:10:49

    Well, it doesn't work.

    Indeed, in normal mode I launch UsbFix normally without any problem and it restarts, but when it starts up again it hangs on a black screen with the UsbFix window displayed, saying that it is going to start, but even after 15 min, nothing...
    When I close it the desktop is displayed again; looking for the UsbFix report, there is one on the hard drive but there is nothing in it...
    a c 295 8 Sécurité
    5 Mai 2009 21:20:41

    We'll do without UsbFix.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Plug your external storage devices into your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Right-click OTMoveIt3.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    H:\ravmone.exe
    H:\msvcr71.dll

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    5 Mai 2009 21:40:06

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder H:\ravmone.exe not found.
    File/Folder H:\msvcr71.dll not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cadef9-7f75-11dd-8d02-001a80b88cdf}\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Matthieu\AppData\Local\Temp\etilqs_MpMyqWeUkXOzyz3KcDxT scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    Windows Temp folder emptied.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_213014

    Files moved on Reboot...
    File C:\Users\Matthieu\AppData\Local\Temp\etilqs_MpMyqWeUkXOzyz3KcDxT not found!
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Matthieu\AppData\Local\Mozilla\Firefox\Profiles\3jp21u1r.default\XUL.mfl moved successfully.
    a c 295 8 Sécurité
    5 Mai 2009 21:44:43

    Run UsbFix option 1 again.
    5 Mai 2009 21:46:35


    ############################## [ UsbFix V3.016 # Scan ]

    # User : Matthieu (Administrateurs) # MATTH
    # Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 21:45:45 | 5/05/2009

    # Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    # Internet Explorer 7.0.6000.16830
    # Windows Firewall Status : Disabled

    # C:\ # Disque fixe local # 95,28 Go (11,61 Go free) # NTFS
    # F:\ # Disque CD-ROM
    # G:\ # Disque fixe local # 46,33 Go (16,04 Go free) [DONNEES] # NTFS
    # H:\ # Disque amovible # 1,91 Go (574,57 Mo free) [CLÉ MATTH] # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\helppane.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.google.com"
    HKCU_Main: "Start Page"="http://www.club-vaio.com"
    HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,70,00,\
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
    HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
    HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
    HKLM_Run: RtHDVCpl=RtHDVCpl.exe
    HKLM_Run: Apoint=C:\Program Files\Apoint\Apoint.exe
    HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    HKLM_Run: ISBMgr.exe="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    HKLM_Run: MarketingTools=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM_Run: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
    HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
    HKCU_Run: NSUFloatingUI="C:\Program Files\Sony\Network Utility\LANUtil.exe"
    HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]


    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

    ################## [ Registre # Mountpoints2 ]

    # -> Not Found !

    ################## [ ! Fin du rapport # UsbFix V3.016 ! ]

    a c 295 8 Security
    5 May 2009 22:00:13

    You need to install Vista SP1.
    5 May 2009 22:02:22

    Meaning?

    Can you be more specific...
    Thanks
    5 May 2009 22:21:22

    But some sites say you need at least 12 GB free, and I don't have that much available...
    Is there no other way to do it???
    a c 295 8 Security
    5 May 2009 22:28:13

    Having SP1 is imperative.

    SP1 does not take up 12 GB.
    5 May 2009 22:31:39

    The site talks about doing the update through Windows Update if you only have one computer.
    Is that possible in safe mode???
    a c 295 8 Security
    5 May 2009 22:34:14

    Quote:
    The site talks about doing the update through Windows Update if you only have one computer.

    ---> Yes, but it also works with the link I gave you (I tested it myself).

    Quote:
    Is that possible in safe mode???

    ---> No idea.
    6 May 2009 12:10:20

    OK, so I did the installation, and I think it worked.
    But when I open my desktop normally, no internet connection is possible; I can open programs, but it freezes after 30 s and I have to restart.
    And it still only works in safe mode.
    a c 295 8 Security
    6 May 2009 17:09:37

    How did your problem appear?
    6 May 2009 19:56:21

    My original problem appeared when I tried to restart it one morning, after using it the evening before without any trouble and without downloading anything...
    a c 295 8 Security
    6 May 2009 20:13:02

    Try a system restore to a point before this problem.
    6 May 2009 20:16:17

    Already done, but it didn't change anything.
    a c 295 8 Security
    6 May 2009 20:34:00

  • Download Dr.Web CureIt! to your Desktop.
  • Double-click drweb-cureit.exe and click Start scan.
  • This quick scan analyses the processes loaded in memory; if it finds infected processes, click the Yes to All button at the prompt.
  • When the quick scan is finished, click Options > Change settings.
  • Choose the Scanner tab and uncheck Heuristic analysis.
  • Back in the main window: choose Complete scan.
  • Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
  • Click Yes to All if a file is detected.
  • At the end of the scan, if infections are found, click Select all, then Disinfect. If disinfection is impossible, click Quarantine.
  • In the tool's main menu, at the top left, click the File menu and choose Save report.
  • Save the report to your Desktop. It will be named DrWeb.csv.
  • Close Dr.Web CureIt!
  • Restart your computer (very important), because some files may be moved/repaired on reboot.
  • After the reboot, post (copy/paste) the contents of the Dr.Web tool's report in your next reply.

    NB: the free version of Dr.Web is an on-demand scanner and does not conflict with your resident antivirus. You can remove Dr.Web once all the steps are finished.
    7 May 2009 15:19:50

    Here is the Dr.Web report

    UsbFix.exe\data013 C:\Documents and Settings\Matthieu\Downloads\UsbFix.exe Tool.Prockill
    UsbFix.exe C:\Documents and Settings\Matthieu\Downloads Conteneur comporte des objets infectés Supprimé.
    UsbFix.exe\data013 C:\Users\Matthieu\Downloads\UsbFix.exe Tool.Prockill
    UsbFix.exe C:\Users\Matthieu\Downloads Conteneur comporte des objets infectés Chemin invalide pour le fichier
    RavMonE.exe C:\_OTMoveIt\MovedFiles\05052009_212541 Win32.HLLW.Peerav Supprimé.

    I still haven't been able to connect to the internet and my programs freeze... :(
    a c 295 8 Security
    7 May 2009 15:34:59

  • Remove the traces of Norton with this.
    7 May 2009 15:49:29

    There, it's done, but nothing new...
    7 May 2009 16:09:17

    Well, my hard disk is apparently not in IPO mode.
    However, I managed to start Device Manager in normal mode and I saw this:

    Under mobile devices, there was a yellow triangle in front of:

    "Microsoft WPD file system volume driver"

    Could that be it?
    If so, what should I do?

    Thanks
    a c 295 8 Security
    7 May 2009 16:19:38

    That doesn't ring a bell.
    7 May 2009 19:45:43

    Maybe it's more of a Windows problem, no?
    a c 295 8 Security
    7 May 2009 19:54:29

    I think so too.
    7 May 2009 19:57:26

    I'm going to make a new post in the Windows section...

    Thanks for everything
    a c 295 8 Security
    7 May 2009 20:17:00

    Keep me posted.
    7 May 2009 22:21:47

    OK, I have news.

    After doing one last virus scan with ComboFix

    I managed to reconnect, but it still froze for some programs.

    Then I ran a disk cleanup and had it delete everything it told me to delete...

    I restarted my computer in normal mode and everything seems normal...

    I can't make sense of it.

    So I'm not really sure what it was; surely a virus all the same?

    In any case, thanks for everything
    a c 295 8 Security
    7 May 2009 22:47:07

    Do you have the ComboFix report?
    8 May 2009 12:41:48

    Well, it's still not working great; in normal mode the connection works one time out of two, and sometimes the programs freeze...

    In my opinion it really is a virus.
    I have the new ComboFix report:
    ComboFix 09-05-07.06 - Matthieu 08/05/2009 12:23.2 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1500 [GMT 2:00]
    Lancé depuis: c:\users\Matthieu\Downloads\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
    2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
    2009-05-08 09:37 . 2009-05-08 09:37 -------- d-----w c:\program files\ewido anti-spyware 4.0
    2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\3753da3a9fb808f25d0f4b4ce3a922c5
    2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
    2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
    2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
    2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
    2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
    2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
    2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
    2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
    2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
    2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
    2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
    2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
    2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
    2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
    2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
    2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
    2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
    2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
    2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
    2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 09:42 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-08 09:42 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-07 19:30 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
    2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
    2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
    2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
    2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
    2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
    2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
    2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
    2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
    2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 10:33 . 2009-05-08 09:42 656850 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-05-08 09:42 121446 c:\windows\System32\perfc009.dat
    + 2008-05-27 09:54 . 2009-05-08 10:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
    "!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
    "{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
    "{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
    "{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
    "{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
    "{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
    "{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
    "{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
    "{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
    "{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
    "{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
    "{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
    "{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
    "{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do

    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
    S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
    S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
    S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
    S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
    S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
    S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
    S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
    S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
    S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-RunOnce-<NO NAME> - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.club-vaio.com
    mWindow Title =
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
    FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 12:26
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d
    .
    Heure de fin: 2009-05-08 12:27
    ComboFix-quarantined-files.txt 2009-05-08 10:27
    ComboFix2.txt 2009-05-07 19:17

    Avant-CF: 31.632.535.552 octets libres
    Après-CF: 31.892.486.144 octets libres

    229 --- E O F --- 2009-04-28 07:28
    a c 295 8 Security
    8 May 2009 12:47:27

    Nothing was deleted by ComboFix.
    8 May 2009 12:49:22

    Can I run something else???
    a c 295 8 Security
    8 May 2009 12:53:32

    I have nothing more to give you.
    8 May 2009 13:04:35

    In Device Manager I have:
    Other devices
    - Unknown device (with a yellow triangle...)

    I haven't plugged in anything new, though.

    I don't know if that can help
    8 May 2009 19:33:51

    Rootkit scan with GMER; here is the report (in case it gives other leads...):

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-08 19:05:32
    Windows 6.0.6000


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8C8BC00A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8C8BBF4A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8C8BBFAE]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] kernel32.dll!ExitProcess 7674D84E 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxA 75E656DF 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxW 75E9FBED 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00200002
    IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00200000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
    a c 295 8 Security
    8 May 2009 19:35:06

    Nothing in particular.
    8 May 2009 21:49:46

    Another ComboFix scan (just in case):
    ComboFix 09-05-07.06 - Matthieu 08/05/2009 21:17.4 - NTFSx86 NETWORK
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1619 [GMT 2:00]
    Lancé depuis: c:\users\Matthieu\Downloads\ComboFix.exe
    Commutateurs utilisés :: c:\users\Matthieu\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090502-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
    2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
    2009-05-08 09:37 . 2009-05-08 11:22 -------- d-----w c:\program files\ewido anti-spyware 4.0
    2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
    2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
    2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
    2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
    2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
    2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
    2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
    2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
    2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
    2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
    2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
    2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
    2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
    2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
    2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
    2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
    2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
    2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
    2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
    2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
    2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 19:13 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-08 19:13 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-08 17:47 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
    2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
    2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
    2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
    2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
    2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
    2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
    2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
    2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
    2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 10:33 . 2009-05-08 19:13 656850 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-05-08 19:13 121446 c:\windows\System32\perfc009.dat
    + 2008-05-27 09:54 . 2009-05-08 19:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
    "!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
    "{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
    "{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
    "{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
    "{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
    "{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
    "{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
    "{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
    "{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
    "{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
    "{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
    "{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
    "{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
    "{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
    "{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do

    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
    S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
    S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
    S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
    S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
    S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
    S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
    S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
    S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
    S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-RunOnce-<NO NAME> - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.club-vaio.com
    mWindow Title =
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
    FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 21:20
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-05-08 21:21
    ComboFix-quarantined-files.txt 2009-05-08 19:21
    ComboFix2.txt 2009-05-08 10:27
    ComboFix3.txt 2009-05-07 19:17

    Avant-CF: 31.505.498.112 octets libres
    Après-CF: 31.397.584.896 octets libres

    223 --- E O F --- 2009-04-28 07:28