Possible virus sur mon ordinateur

http://www.cijoint.fr/cjlink.php?file=cj201106/cijXFO2PEM.txt

Salut





* Excuses j ai failli t' oublier !! >> Lis bien


1) • Télécharge Defogger (de jpshortstuff) sur ton Bureau
* ICI >>Defogger (de jpshortstuff)

• Lance le
• Pour Windows Vista et Windows 7,
• faire un clic droit et >> Exécuter en tant qu'administrateur.
• Une fenêtre apparait : clique sur "Disable"
• Un message va t'avertir que tes lecteurs virtuels vont être désactivés. Clique sur Oui pour continuer
• Attends que le message Finished apparaisse puis clique sur OK pour fermer la fenêtre.
• Defogger va te demander de redémarrer la machine. Accepte en cliquant sur OK


• PS >> Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"







2)/!\ Il faut IMPERATIVEMENT désactiver tous tes logiciels de protection(antivirus , antispyware )pour utiliser ce programme/!\

3) • Télécharge ComboFix (de sUBs) .
• sur ton bureau et pas ailleurs


• ICI >> * ICI >>ComboFix (de sUBs)

• Ferme toutes les fenêtres ouvertes

/!\ Déconnecte-toi du net/!\

• Double clic >> sur ComboFix.exe afin de le lancer
• sous Windows7/ Vista --> Ne pas oublier l'élévation des privilèges
• (Clic droit sur ComboFix.exe, puis sur >> Exécuter en tant qu'administrateur dans le menu déroulant.)
• Tapes sur la touche1 pour démarrer le scan et suis les instructions indiquées par combofix.


• Réponds oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

• /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. /!\
• /!\ (ne touche a rien pendant que l'outil travaille pour ne pas figer ton pc)/!\

• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\






• Si ta connexion internet n'est plus active après le redémarrage
au cas faudra faire une réparation manuelle image ci dessous
• Regarde >>





@+ VIRUS/C/C

Bonjour,

Merci encore pour ton aide, voici :

ComboFix 11-06-16.01 - nath 16/06/2011 22:07:38.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3893.2595 [GMT 2:00]
Lancé depuis: c:\users\nath\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-16 au 2011-06-16 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-16 20:14 . 2011-06-16 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-16 11:47 . 2011-06-16 11:47 -------- d-----w- c:\users\nath\AppData\Local\{567C46EB-80F8-4722-ACDB-5D01191541D5}
2011-06-16 09:26 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41DA0C09-02CB-4A81-A595-80E5E7107174}\mpengine.dll
2011-06-15 22:05 . 2011-06-15 22:05 -------- d-----w- c:\users\nath\AppData\Local\{44092019-844F-4940-83C7-74164A6010DD}
2011-06-15 10:04 . 2011-06-15 10:04 -------- d-----w- c:\users\nath\AppData\Local\{633B7D2C-1931-4161-A185-908614D3A70A}
2011-06-14 13:08 . 2011-06-14 13:08 -------- d-----w- c:\users\nath\AppData\Local\{9C2E8C8D-C514-4870-9979-33ED2F033D58}
2011-06-13 18:58 . 2011-06-13 18:58 -------- d-----w- c:\users\nath\AppData\Local\{DAF263D8-9C84-42C4-8438-18FE36AB2F72}
2011-06-13 06:57 . 2011-06-13 18:58 -------- d-----w- c:\users\nath\AppData\Local\{CFA870C4-6ADA-4DD9-A7E6-FDE81A1546ED}
2011-06-12 13:08 . 2011-06-12 13:08 -------- d-----w- c:\users\nath\AppData\Local\{9AC2273B-5E47-4C14-ACA8-8C5F89E1F12D}
2011-06-12 10:26 . 2011-06-12 10:27 -------- d-----w- c:\users\nath\AppData\Local\{289C5460-C7F4-4F1F-A93D-DEF1119FDF0C}
2011-06-12 07:06 . 2011-06-12 07:06 -------- d-----w- c:\users\nath\AppData\Local\{6A0830E6-27CC-4EAC-9123-1F1203A87663}
2011-06-11 12:08 . 2011-06-11 12:08 -------- d-----w- c:\users\nath\AppData\Local\{93668400-2B85-4EAE-8796-F591361F109C}
2011-06-10 22:04 . 2011-06-10 22:04 -------- d-----w- c:\users\nath\AppData\Local\{D35A9C0B-1A1C-4D50-99B5-9C99DD0A9FC5}
2011-06-10 21:19 . 2011-06-10 21:19 -------- d-----w- c:\users\nath\AppData\Local\{17C74027-9E82-46D4-8A1D-2670A9F8DD00}
2011-06-10 20:24 . 2011-06-10 20:24 -------- d-----w- c:\users\nath\AppData\Local\{59C34CEF-828E-4ACB-8927-1B85A8343AFE}
2011-06-10 06:44 . 2011-06-10 06:44 -------- d-----w- c:\users\nath\AppData\Local\{49B62BED-FD65-4CD8-8448-19AFA653229D}
2011-06-10 06:44 . 2011-06-10 06:44 -------- d-----w- c:\users\nath\AppData\Local\{48008ECB-54AA-4C78-806C-49FBBEFF5096}
2011-06-09 10:39 . 2011-06-09 10:39 -------- d-----w- c:\users\nath\AppData\Local\{25840154-58F6-40A7-88A9-06838DC39D0A}
2011-06-09 10:38 . 2011-06-09 10:38 -------- d-----w- c:\users\nath\AppData\Local\{943078D5-73DD-4438-8179-34C096E559DB}
2011-06-08 19:45 . 2011-06-08 19:45 -------- d-----w- c:\users\nath\AppData\Local\{6FA1FADE-8A13-4F5B-94B6-7F414B864803}
2011-06-08 14:29 . 2007-06-26 22:54 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sst2cpc.dll
2011-06-08 14:27 . 2011-06-08 14:27 -------- d-----w- c:\program files\Scan Assistant
2011-06-08 14:27 . 2010-03-18 10:44 138776 ----a-r- c:\windows\SysWow64\TWAINDSM.dll
2011-06-08 14:27 . 2011-06-08 14:27 -------- d-----w- c:\users\nath\AppData\Local\S2PC
2011-06-08 14:27 . 2009-12-02 01:21 482408 ----a-w- c:\windows\SSndii.exe
2011-06-08 14:27 . 2011-06-08 14:27 -------- d-----w- c:\users\nath\AppData\Roaming\InstallShield
2011-06-08 14:27 . 2010-11-11 22:44 113768 ----a-w- c:\windows\Wiainst.exe
2011-06-08 14:26 . 2010-03-18 23:26 98816 ----a-w- c:\windows\system32\SaSegFlt.dll
2011-06-08 14:26 . 2010-03-18 23:26 333312 ----a-w- c:\windows\system32\SaMinDrv.dll
2011-06-08 14:26 . 2010-03-18 23:26 129536 ----a-w- c:\windows\system32\SaImgFlt.dll
2011-06-08 14:26 . 2010-03-18 23:26 55808 ----a-w- c:\windows\system32\SaErHdlr.dll
2011-06-08 14:26 . 2009-11-10 05:04 43520 ----a-w- c:\windows\system32\Ssusbp64.dll
2011-06-08 14:26 . 2009-07-11 16:45 49152 ----a-w- c:\windows\SysWow64\Ssusbpn.dll
2011-06-08 14:26 . 2009-07-11 16:45 11576 ----a-w- c:\windows\system32\drivers\SSPORT.sys
2011-06-08 14:26 . 2009-07-11 16:45 73728 ----a-w- c:\windows\system32\Ssdevm64.dll
2011-06-08 14:26 . 2009-07-11 16:45 57344 ----a-w- c:\windows\SysWow64\Ssdevm.dll
2011-06-08 14:24 . 2009-07-12 19:16 11576 ------w- c:\windows\SysWow64\drivers\SSPORT.SYS
2011-06-08 14:24 . 2011-06-08 14:24 -------- d-----w- C:\Temp
2011-06-08 07:44 . 2011-06-08 07:44 -------- d-----w- c:\users\nath\AppData\Local\{3D474A67-5400-40ED-A4B3-B506ADEE862B}
2011-06-08 07:30 . 2011-06-08 07:30 -------- d-----w- c:\users\nath\AppData\Local\{1391FF69-B9F4-42F5-923D-3A4A34EE249B}
2011-06-08 07:27 . 2011-06-08 07:27 -------- d-----w- c:\users\nath\AppData\Local\{A07AF913-9599-485E-8A8B-35A3BF6B8D15}
2011-06-07 19:14 . 2011-06-07 19:14 -------- d-----w- c:\users\nath\AppData\Local\{92DC3C56-F576-4947-AEE1-08D688D42A7D}
2011-06-07 07:13 . 2011-06-07 07:13 -------- d-----w- c:\users\nath\AppData\Local\{EF24C059-4E6A-4E04-B399-3C7CE602997C}
2011-06-06 23:26 . 2011-06-06 23:26 -------- d-----w- c:\windows\SysWow64\aliedit
2011-06-06 23:26 . 2011-06-06 23:27 -------- d-----w- c:\program files (x86)\Trademanager
2011-06-06 23:24 . 2011-06-06 23:24 -------- d-----w- c:\users\nath\AppData\Local\Alibaba
2011-06-06 21:36 . 2011-06-16 20:16 -------- d-----w- c:\users\nath\Tracing
2011-06-06 18:27 . 2011-06-06 18:27 -------- d-----w- c:\users\nath\AppData\Local\{57995E23-1E4B-455B-A022-BFE87A51B817}
2011-06-06 06:26 . 2011-06-06 06:26 -------- d-----w- c:\users\nath\AppData\Local\{6493E3E4-19A4-4984-9BE7-F50819F5F45B}
2011-06-05 15:18 . 2011-06-05 15:18 -------- d-----w- c:\users\nath\AppData\Local\{970773C8-85F3-485D-8135-EDA9E7111E53}
2011-06-05 01:47 . 2011-06-05 01:48 -------- d-----w- c:\users\nath\AppData\Local\{BFA867FE-CD52-4C7B-976A-B7AD7EBA2641}
2011-06-04 13:32 . 2011-06-04 13:32 -------- d-----w- c:\users\nath\AppData\Local\{6D0A3AE4-BA41-404C-B5D0-5D481165FB18}
2011-06-03 23:15 . 2011-06-03 23:15 -------- d-----w- c:\users\nath\AppData\Local\{2CC9767F-3780-4CA7-AEE3-6D3C945F3CCD}
2011-06-03 22:39 . 2011-06-03 22:39 -------- d-----w- c:\users\nath\AppData\Local\{DD002304-12CE-4472-8400-2B16118F97D2}
2011-06-03 10:08 . 2011-06-03 10:08 -------- d-----w- c:\users\nath\AppData\Local\{9A0BBA91-1D06-4690-90F0-0AA831C63D0E}
2011-06-02 21:58 . 2011-06-02 21:58 -------- d-----w- c:\users\nath\AppData\Local\{6F22DB6F-C3D3-4820-80DB-098C6EDF41B8}
2011-06-02 09:57 . 2011-06-02 09:57 -------- d-----w- c:\users\nath\AppData\Local\{A7EDF4A4-E77E-45EF-BFD0-343380FD4500}
2011-06-01 20:02 . 2011-06-01 20:03 -------- d-----w- c:\users\nath\AppData\Local\{F4BCFBD4-8FCF-4678-8751-28ABD99612F5}
2011-06-01 07:50 . 2011-06-01 07:50 -------- d-----w- c:\users\nath\AppData\Local\{64908CE8-2821-44B9-A9D2-90CDF02C923E}
2011-06-01 01:02 . 2011-06-01 01:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-01 00:15 . 2011-06-01 00:15 -------- d-----w- c:\users\nath\AppData\Local\{BC526AD9-8889-4A0B-9F3A-6EDE60D8D550}
2011-05-31 23:47 . 2011-05-31 23:47 -------- d-----w- c:\users\nath\AppData\Local\{6CF0039E-EC96-4DB4-AD1A-AA7889875C08}
2011-05-31 10:21 . 2011-05-31 10:21 -------- d-----w- c:\users\nath\AppData\Local\{B65D11EB-46AA-4623-BBCD-F5E643E8418D}
2011-05-30 22:20 . 2011-05-30 22:21 -------- d-----w- c:\users\nath\AppData\Local\{AF9E0E51-D638-4A8E-A6F3-6555ED81FB95}
2011-05-30 21:57 . 2011-05-30 21:57 -------- d-----w- c:\users\nath\AppData\Local\{2FA6EC3D-9AB5-4CF4-88E0-B42C164B4360}
2011-05-30 09:28 . 2011-05-30 09:28 -------- d-----w- c:\users\nath\AppData\Local\{381E6374-663B-4678-A327-848AECB842CA}
2011-05-29 12:01 . 2011-05-29 12:02 -------- d-----w- c:\users\nath\AppData\Local\{144753A6-AEFA-46B1-9F17-86CCA2CA9308}
2011-05-28 23:30 . 2011-05-28 23:30 -------- d-----w- c:\users\nath\AppData\Local\{AAD08595-87C9-4485-B6A2-4AD0DD72B510}
2011-05-28 22:33 . 2011-05-28 22:33 -------- d-----w- c:\users\nath\AppData\Roaming\Malwarebytes
2011-05-28 22:33 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 22:33 . 2011-05-28 22:33 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 22:33 . 2011-05-28 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 22:33 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 20:41 . 2011-05-28 20:41 -------- d-----w- c:\users\nath\AppData\Local\{89B26791-D681-4DA0-9CE2-E1A93ED3628D}
2011-05-28 08:06 . 2011-05-28 08:06 -------- d-----w- c:\users\nath\AppData\Local\{1E4369D9-D6B5-4CBA-93AE-7F87B378C019}
2011-05-27 20:03 . 2011-05-27 20:04 -------- d-----w- c:\users\nath\AppData\Local\{BDF7AE22-A578-48D0-8EAF-116BB7F2A3F0}
2011-05-27 06:46 . 2011-05-27 06:46 -------- d-----w- c:\users\nath\AppData\Local\{5465B3BE-7957-4D9D-865C-BB4FD59F4B98}
2011-05-26 18:45 . 2011-05-26 18:45 -------- d-----w- c:\users\nath\AppData\Local\{3184C090-A32D-420A-BD4C-9082BBB836F5}
2011-05-26 17:59 . 2011-05-26 17:59 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-05-26 17:54 . 2011-05-29 11:27 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-05-26 17:39 . 2011-05-26 17:39 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-05-26 15:58 . 2011-05-26 15:58 -------- d-----w- c:\program files (x86)\trend micro
2011-05-26 15:58 . 2011-05-26 15:58 -------- d-----w- C:\rsit
2011-05-26 14:19 . 2011-05-26 14:19 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-26 14:19 . 2011-05-26 14:19 -------- d-----r- c:\program files (x86)\Skype
2011-05-26 06:44 . 2011-05-26 06:44 -------- d-----w- c:\users\nath\AppData\Local\{A9A0BF03-F7E0-4C58-AE2A-562C2A99B1C5}
2011-05-25 09:56 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 09:24 . 2011-05-25 09:24 -------- d-----w- c:\users\nath\AppData\Local\{D719D2A9-AA4B-488D-9F20-A90989EF6E53}
2011-05-24 18:24 . 2011-05-24 18:24 -------- d-----w- c:\users\nath\AppData\Local\{FC51CE92-A188-430C-B485-4448504E7428}
2011-05-24 13:53 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 13:53 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-24 06:23 . 2011-05-24 06:24 -------- d-----w- c:\users\nath\AppData\Local\{DC909697-2FA5-4352-BCE3-703FBE1CE875}
2011-05-23 18:22 . 2011-05-23 18:23 -------- d-----w- c:\users\nath\AppData\Local\{D10E72E9-7CD5-40A9-A982-F3D43B0108E4}
2011-05-23 06:21 . 2011-05-23 06:22 -------- d-----w- c:\users\nath\AppData\Local\{1A78E099-E8DE-4F1F-809A-54F5AC84070B}
2011-05-22 11:40 . 2011-05-22 11:40 -------- d-----w- c:\users\nath\AppData\Local\{DAA6AC22-002F-421E-8795-428F909878C4}
2011-05-21 17:52 . 2011-05-21 17:52 -------- d-----w- c:\programdata\ClubSanDisk
2011-05-21 14:48 . 2011-05-21 14:48 -------- d-----w- c:\users\nath\AppData\Local\{73C54C91-BFFB-4307-9820-6C409AA9B073}
2011-05-21 00:46 . 2011-05-21 00:46 -------- d-----w- c:\users\nath\AppData\Local\{829D7100-9B64-4C8A-9F87-E764958E02A8}
2011-05-20 23:58 . 2011-05-20 23:58 -------- d-----w- c:\users\nath\AppData\Local\{9EF1B43B-5C62-443C-8913-CCB9EAD5FC2A}
2011-05-20 10:36 . 2011-05-20 10:36 -------- d-----w- c:\users\nath\AppData\Local\{052E3FC0-266A-4F53-B113-D3F2A6996F3C}
2011-05-19 19:10 . 2011-05-19 19:10 -------- d-----w- c:\users\nath\AppData\Local\{EE277D8F-2620-4F3F-A6AE-F439910F4170}
2011-05-19 07:09 . 2011-05-19 07:09 -------- d-----w- c:\users\nath\AppData\Local\{C120B239-0644-4215-A7FB-73038E594752}
2011-05-18 18:53 . 2011-05-18 18:53 -------- d-----w- c:\users\nath\AppData\Local\{4A4831E2-82D2-41CE-A2DA-0844A2580AAA}
2011-05-18 06:52 . 2011-05-18 06:52 -------- d-----w- c:\users\nath\AppData\Local\{37E1E403-D19C-4506-A001-063F5C34E8B9}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2011-03-28 23:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-09 06:45 . 2011-05-11 06:42 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 06:42 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 06:42 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-19 16:06 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2010-11-12 1998848]
.
c:\users\nath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-11 11576]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1001Core.job
- c:\users\nath\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 16:12]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1972273453-3807663751-171534141-1001UA.job
- c:\users\nath\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 16:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverla yidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-28 415256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\nath\AppData\Roaming\Mozilla\Firefox\Profiles\vgym3ewg.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2011-06-16 22:22:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-16 20:22
.
Avant-CF: 135 806 791 680 octets libres
Après-CF: 135 817 048 064 octets libres
.
- - End Of File - - A51E4810724D036D6C67493DC3BE3594

Salut






2)Télécharge OTL (de OldTimer) sur ton Bureau.

* ICI >> OTL (de OldTimer)



* Utilisateurs Windows XP => double clique >>sur OTL.exe
* Utilisateurs Windows Vista / windows 7 => clic droit "executer en tant que en tant qu'administrateur "sur OTL.exe pour le lancer.

coches les cases Tous les Utilisateurs et minimal output

Copies et colles le contenue de cette citation dans la partie inférieure d'OTL sous >> Personalisation :





netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE\%Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
volsnap.sys
hidserv.dll
appmgmts.dll
eventlog.dll
winlogon.exe
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
wininet.dll
wininit.exe
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
winlogon.exe
wininit.ini
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT





* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le contenu de OTL.Txt dans ta prochaine réponse

• Héberge le rapport >> OTL.Txt sur ce site,

• Rends toi sur >> cijoint.fr
• clic sur Parcourir
• trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau
• et valide en cliquant sur >> Cliquez ici pour déposer le Fichier
• Un lien de ce genre [http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt] te sera généré,
• Il te suffit de le poster

* fais aprés de même avec le rapport >> Extras.Txt






@+ VIRUS/C/C

Salut,

Voici :
http://www.cijoint.fr/cjlink.php?file=cj201106/cijXurHEli.txt

http://www.cijoint.fr/cjlink.php?file=cj201106/cijTm6lGVo.txt

Salut







* Relance OTL ,
* >> double clic sur OTL.exe pour le lancer
* Windows XP >> double clic sur OTL.exe pour le lancer
* Windows7/VIsta >> clic droit exécuter en tant qu'administrateur sur OTL.exe pour le lancer,
* Copie et colle du texte en gras çi-dessous

* Tu commençes bien à >> OTL , les : inclus devant OTL jusqu'à >> [Reboot] inclus dans la partie inférieure d'OTL sous "Personalisation"
* Cliques sur >> CORRECTION:




:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2011/06/16 22:04:24 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/06/16 22:04:24 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/06/16 22:04:24 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/06/16 22:04:24 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/06/16 22:04:24 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe


:Commands
[emptytemp]
[emptyflash]
[Reboot]


* copie/colle le contenu du rapport texte qui apparait au Redémarrage de ton PC.




@+ VIRUS/C/C

Salut,

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ deleted successfully.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nath
->Temp folder emptied: 2014988 bytes
->Temporary Internet Files folder emptied: 9410575 bytes
->Java cache emptied: 10562 bytes
->FireFox cache emptied: 60306354 bytes
->Google Chrome cache emptied: 40923106 bytes
->Flash cache emptied: 20272 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3261177 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 111.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: nath
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06182011_193058

Files\Folders moved on Reboot...
C:\Users\nath\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Salut




1) Comment se comporte ton PC??



2) Rends toi ici ==> Eset Online scanner

avec Internet Explorer

>>ICI >> Eset Online scanner

*

utilises Internet Explorer pour pouvoir le lancer (Contrôles ActiveX).

*Coches la case: Yes, I accept the Terms of use puis cliques sur Start.
* Installes les contrôles Active X proposés.
* Choisis et coches les actions de nettoyage:


>>

* A la fin de l analyse colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

a la fin de l analyse

coches la case >>Désinstaller l application à la fermeture



* Réactives ton Antivirus


Tu posteras le rapport ou une capture d écran des résultats

C:\Program Files\ESET Online Scanner\log.txt ou C:\Program Files (x86) \ESET Online Scanner\log.txt

@+ VIRUS/C/C