Trojan.Packed.NsAnti

Merci beaucoup pour votre réponse !! Voilà ci-dessous les deux rapports, ils me semblent un peu long, j espère ne pas avoir fait une erreur:
encore merci !!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sarah J. at 2009-04-28 18:22:54
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 2 GB (5%) free of 38 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:19, on 28.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sarah Jacquier\Bureau\RSIT.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\Sarah Jacquier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://internet.sunrise.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\DOCUME~1\SARAHJ~1\LOCALS~1\Temp\E_SEF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/fr/hom/default.asp
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Voici le rapport... Merci !!!
############################## [ UsbFix V3.014 ]

# User : Sarah J (Administrateurs) # SARAH
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 19:00:58 | 28.04.2009

# Intel(R) Pentium(R) M processor 1.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Norton AntiVirus 2006 2005 [ Enabled | Updated ]
# FW : Norton Internet Worm Protection[ Enabled ]2006

# C:\ # Disque fixe local # 37.25 Go (1.8 Go free) # NTFS
# D:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.google.ch/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Sarah Jacquier"
HKLM_logon: "AltDefaultUserName"="Sarah Jacquier"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: ATIModeChange=Ati2mdxx.exe
HKLM_Run: AGRSMMSG=AGRSMMSG.exe
HKLM_Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: CamMonitor=C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
HKLM_Run: Share-to-Web Namespace Daemon=C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
HKLM_Run: HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HKLM_Run: HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
HKLM_Run: ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKLM_Run: HP Software Update=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
HKLM_Run: UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKLM_Run: Symantec PIF AlertEng="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
HKLM_Run: LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: BackupNotify=C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
HKCU_Run: EPSON Stylus Photo RX560 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\DOCUME~1\SARAHJ~1\LOCALS~1\Temp\E_SEF.tmp" /EF "HKCU"
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKCU_Run: cdoosoft=C:\WINDOWS\system32\olhrwef.exe

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\nmdfgds1.dll
Found ! C:\WINDOWS\system32\olhrwef.exe
C:\autorun.inf # -> fichier appelé : "C:\husyu8n.exe" ( présent ! )
Found ! C:\husyu8n.exe
Found ! C:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Found ! HKU\S-1-5-21-3417952865-395674317-2273855193-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{1c3a8610-5e4b-11dc-90c5-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{1c3a8610-5e4b-11dc-90c5-000e356e18cd}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{1c3a8639-5e4b-11dc-90c5-000e356e18cd}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{1c3a8639-5e4b-11dc-90c5-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{37233ff0-284d-11de-91d7-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{37233ff0-284d-11de-91d7-000e356e18cd}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{41fac940-f456-11dd-91b5-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{41fac940-f456-11dd-91b5-000e356e18cd}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{84bc3b80-3942-11dc-90bd-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{84bc3b80-3942-11dc-90bd-000e356e18cd}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{bfdc0300-3b2b-11d9-8e5e-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bfdc0300-3b2b-11d9-8e5e-806d6172696f}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{efdf5006-da69-11dd-919a-000e356e18cd}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{efdf5006-da69-11dd-919a-000e356e18cd}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

Merci pour cette réponse rapide et pour la clarté de vos instructions !!! Je fais tout cela dès maintenant... et vous poste ensuite les 2 rapports...

Voici le premier rapport... je passe maintenant à l étape 2...


############################## [ UsbFix V3.014 ]

# User : Sarah Jacquier (Administrateurs) # SARAH
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 19:24:39 | 28.04.2009

# Intel(R) Pentium(R) M processor 1.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Norton AntiVirus 2006 2005 [ Enabled | Updated ]
# FW : Norton Internet Worm Protection[ Enabled ]2006

# C:\ # Disque fixe local # 37.25 Go (1.8 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 7.45 Go (2.82 Go free) [INTENSO USB] # FAT32
# F:\ # Disque fixe local # 372.52 Go (218.18 Go free) [My Passport] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\nmdfgds1.dll
Deleted ! C:\WINDOWS\system32\olhrwef.exe
C:\autorun.inf # -> fichier appelé : "C:\husyu8n.exe" ( présent ! )
Deleted ! -> C:\husyu8n.exe
Deleted ! C:\autorun.inf
E:\autorun.inf # -> fichier appelé : "E:\husyu8n.exe" ( présent ! )
Deleted ! -> E:\husyu8n.exe
Deleted ! E:\autorun.inf
F:\autorun.inf # -> fichier appelé : "F:\husyu8n.exe" ( présent ! )
Deleted ! -> F:\husyu8n.exe
Deleted ! F:\Setup.exe
Deleted ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1c3a8610-5e4b-11dc-90c5-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1c3a8610-5e4b-11dc-90c5-000e356e18cd}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1c3a8639-5e4b-11dc-90c5-000e356e18cd}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1c3a8639-5e4b-11dc-90c5-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{37233ff0-284d-11de-91d7-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{37233ff0-284d-11de-91d7-000e356e18cd}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41fac940-f456-11dd-91b5-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{41fac940-f456-11dd-91b5-000e356e18cd}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{84bc3b80-3942-11dc-90bd-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{84bc3b80-3942-11dc-90bd-000e356e18cd}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bfdc0300-3b2b-11d9-8e5e-806d6172696f}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bfdc0300-3b2b-11d9-8e5e-806d6172696f}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{efdf5006-da69-11dd-919a-000e356e18cd}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{efdf5006-da69-11dd-919a-000e356e18cd}\Shell\open\Command

################## [ Listing des fichiers présent ]

[24.03.2007 13:04|--a------|23489040] - C:\AdbeRdr709_fr_FR.exe
[21.04.2009 19:54|-rahs----|216] - C:\boot.ini
[24.04.2003 02:00|-rahs----|4952] - C:\Bootfont.bin
[04.05.2004 09:53|--a------|1645320] - C:\gdiplus.dll
[?|?|?] - C:\hiberfil.sys
[29.12.2007 15:28|--a------|2326] - C:\hpfr3320.log
[12.02.2009 03:41|--a------|711173] - C:\hpfr3740.log
[20.11.2004 20:23|--a------|175] - C:\hsc.log
[18.02.2007 21:53|-rahs----|0] - C:\IO.SYS
[18.02.2007 21:53|-rahs----|0] - C:\MSDOS.SYS
[27.06.2005 13:03|-rahs----|47564] - C:\NTDETECT.COM
[20.04.2009 20:52|-rahs----|252240] - C:\NTLDR
[?|?|?] - C:\pagefile.sys
[21.11.2004 06:59|--a------|161] - C:\sedinst.log
[21.11.2004 06:59|--a------|175] - C:\sedinst2.log
[08.04.2009 10:49|--ah-----|268] - C:\sqmdata00.sqm
[09.04.2009 08:27|--ah-----|268] - C:\sqmdata01.sqm
[14.04.2009 13:57|--ah-----|268] - C:\sqmdata02.sqm
[14.04.2009 23:57|--ah-----|268] - C:\sqmdata03.sqm
[18.04.2009 14:54|--ah-----|268] - C:\sqmdata04.sqm
[10.03.2009 12:57|--ah-----|268] - C:\sqmdata05.sqm
[11.03.2009 01:46|--ah-----|268] - C:\sqmdata06.sqm
[15.03.2009 00:13|--ah-----|268] - C:\sqmdata07.sqm
[15.03.2009 23:06|--ah-----|268] - C:\sqmdata08.sqm
[16.03.2009 21:07|--ah-----|268] - C:\sqmdata09.sqm
[16.03.2009 22:00|--ah-----|268] - C:\sqmdata10.sqm
[16.03.2009 23:08|--ah-----|268] - C:\sqmdata11.sqm
[16.03.2009 23:20|--ah-----|268] - C:\sqmdata12.sqm
[17.03.2009 07:12|--ah-----|268] - C:\sqmdata13.sqm
[26.03.2009 23:17|--ah-----|268] - C:\sqmdata14.sqm
[28.03.2009 21:03|--ah-----|268] - C:\sqmdata15.sqm
[30.03.2009 00:41|--ah-----|268] - C:\sqmdata16.sqm
[30.03.2009 14:39|--ah-----|268] - C:\sqmdata17.sqm
[01.04.2009 15:07|--ah-----|268] - C:\sqmdata18.sqm
[02.04.2009 01:18|--ah-----|268] - C:\sqmdata19.sqm
[08.04.2009 10:49|--ah-----|244] - C:\sqmnoopt00.sqm
[09.04.2009 08:27|--ah-----|244] - C:\sqmnoopt01.sqm
[14.04.2009 13:57|--ah-----|244] - C:\sqmnoopt02.sqm
[14.04.2009 23:56|--ah-----|244] - C:\sqmnoopt03.sqm
[18.04.2009 14:54|--ah-----|244] - C:\sqmnoopt04.sqm
[10.03.2009 12:57|--ah-----|244] - C:\sqmnoopt05.sqm
[11.03.2009 01:46|--ah-----|244] - C:\sqmnoopt06.sqm
[15.03.2009 00:13|--ah-----|244] - C:\sqmnoopt07.sqm
[15.03.2009 23:06|--ah-----|244] - C:\sqmnoopt08.sqm
[16.03.2009 21:07|--ah-----|244] - C:\sqmnoopt09.sqm
[16.03.2009 22:00|--ah-----|244] - C:\sqmnoopt10.sqm
[16.03.2009 23:08|--ah-----|244] - C:\sqmnoopt11.sqm
[16.03.2009 23:20|--ah-----|244] - C:\sqmnoopt12.sqm
[17.03.2009 07:11|--ah-----|244] - C:\sqmnoopt13.sqm
[26.03.2009 23:17|--ah-----|244] - C:\sqmnoopt14.sqm
[28.03.2009 21:03|--ah-----|244] - C:\sqmnoopt15.sqm
[30.03.2009 00:41|--ah-----|244] - C:\sqmnoopt16.sqm
[30.03.2009 14:39|--ah-----|244] - C:\sqmnoopt17.sqm
[01.04.2009 15:07|--ah-----|244] - C:\sqmnoopt18.sqm
[02.04.2009 01:18|--ah-----|244] - C:\sqmnoopt19.sqm
[20.11.2004 20:15|--a------|35722] - C:\sunjava.log
[17.01.2009 22:52|--a------|11] - C:\trace.ini
[28.04.2009 19:17|--a------|9440] - C:\UsbFix rapport 1.txt
[28.04.2009 19:26|--a------|8047] - C:\UsbFix.txt
[19.03.2009 10:20|--a------|1008640] - E:\PTA 2009 janvier-mars du 18.03.2009.revu.doc
[19.03.2009 10:53|--a------|69632] - E:\Suivi de la mise en oeuvre des activit‚s de ADEPAC II.xls
[15.08.2007 22:29|--a------|3443310] - E:\Divers photos … trier aout 2007 120.jpg
[18.04.2009 23:07|--a------|36352] - E:\tuer le virus h‚.doc
[02.04.2009 11:01|--a------|887328] - E:\les grandes phases de l'‚laboration d'un PCD II.pptx
[24.04.2004 12:38|--a------|37888] - F:\JSTART.exe
[16.07.2008 09:14|--a------|42760] - F:\WDInstaller.xml
[08.07.2008 11:53|--a------|1760039] - F:\WDSetup.exe
[08.02.2008 13:44|--a------|4574208] - F:\WDSync.exe
[07.01.2009 17:35|--a------|62] - F:\wdEULA.log
[07.01.2009 17:35|--a------|14] - F:\wdstatus.log
[07.01.2009 17:40|--a------|659] - F:\wdinstaller.log
[30.05.2008 09:31|--ah-----|54] - F:\autorun.in_2.org
[11.02.2005 22:00|--a------|116006400] - F:\maman.ppt
[16.12.2007 18:00|--a------|22098] - F:\carteam.gif
[16.12.2007 17:57|--a------|24222] - F:\carte_AFRIQUE.gif
[16.12.2007 17:58|--a------|26656] - F:\carte_ASIE.gif
[05.02.2009 14:56|--a------|78190] - F:\Burkina 3.jpg

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20master$20patch_0.1_french_livetri.zip

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

Voici le deuxième rapport après plus de deux heures d analyse...

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2050
Windows 5.1.2600 Service Pack 3

28.04.2009 22:03:00
mbam-log-2009-04-28 (22-03-00).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 206440
Temps écoulé: 2 hour(s), 13 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP4\A0005521.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP4\A0005539.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP4\A0005553.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP4\A0005567.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP5\A0005616.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{733DECEB-662C-4DFA-903C-C91D146E319B}\RP7\A0005809.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Bonsoir !!! Merci pour votre réponse, Voici le rapport de Combofix:
Mon PC est toujours aussi lent par contre je vois des améliorations: l écran tout noir a disparu et ma photo de fond d écran est réapparue comme par magie...
Par contre je n avais pas branché mes clés usb et mon disque dur externe pendant le scan Combofix, peut être aurais-je du ???
Merci d'avance !!!


ComboFix 09-04-29.07 - Sarah J 01.05.2009 18:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.41.1036.18.511.144 [GMT 0:00]
Lancé depuis: c:\documents and settings\Sarah Jacquier\Bureau\ComboFix.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000005_.tmp.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-01 au 2009-5-1 ))))))))))))))))))))))))))))))))))))
.

2009-05-01 17:35 . 2009-05-01 17:35 -------- d-----w c:\program files\CCleaner
2009-04-29 20:27 . 2009-04-30 09:43 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-29 20:27 . 2009-04-30 09:43 -------- d-----w c:\program files\NOS
2009-04-28 19:43 . 2009-04-28 19:43 -------- d-----w c:\documents and settings\Sarah Jacquier\Application Data\Malwarebytes
2009-04-28 19:43 . 2009-04-06 15:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-28 19:43 . 2009-04-06 15:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-28 19:43 . 2009-04-28 19:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-28 19:43 . 2009-04-28 19:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 18:59 . 2009-04-28 19:28 -------- d-----w C:\UsbFix
2009-04-28 18:22 . 2009-04-28 18:24 -------- d-----w c:\program files\trend micro
2009-04-28 18:22 . 2009-04-28 19:18 -------- d-----w C:\rsit
2009-04-28 09:17 . 2009-04-28 09:17 -------- d-----w c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-04-23 15:51 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-20 21:21 . 2009-04-20 21:21 -------- d-----w c:\windows\l2schemas
2009-04-20 21:21 . 2009-04-20 21:21 -------- d-----w c:\windows\system32\fr
2009-04-18 19:07 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-18 19:07 . 2009-02-09 11:24 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-18 19:07 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-18 19:07 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-18 19:06 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-18 19:06 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-18 19:06 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-18 19:06 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-18 19:06 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-18 19:06 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-18 19:06 . 2009-02-09 11:23 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-18 19:06 . 2009-02-09 11:23 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-18 18:52 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 16:28 . 2004-11-20 20:14 -------- d-----w c:\program files\Java
2009-04-30 16:26 . 2003-06-23 10:41 445584 ----a-w c:\windows\system32\perfh00C.dat
2009-04-30 16:26 . 2003-06-23 10:41 64016 ----a-w c:\windows\system32\perfc00C.dat
2009-04-29 21:49 . 2005-01-10 11:47 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-29 19:03 . 2004-11-20 20:39 -------- d-----w c:\program files\Hewlett-Packard
2009-04-29 18:38 . 2006-04-20 16:40 -------- d-----w c:\program files\Panasonic
2009-04-29 18:32 . 2007-05-06 20:27 -------- d-----w c:\program files\Google
2009-04-20 21:28 . 2003-06-23 10:44 77607 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-18 22:10 . 2004-11-20 20:49 -------- d-----w c:\program files\Norton AntiVirus
2009-04-18 18:38 . 2004-11-20 20:49 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-09 05:19 . 2009-02-04 19:04 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2003-04-24 02:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2005-02-18 15:36 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2009-01-29 19:13 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 19:06 . 2003-04-24 02:00 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2003-04-24 02:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2003-04-24 02:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2003-04-24 02:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2003-04-24 02:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2005-01-14 05:34 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2003-04-24 02:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2003-04-24 02:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-07 16:18 . 2009-02-07 16:18 127034 -c----r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-06 17:21 . 2009-02-06 17:21 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-02-06 14:15 . 2009-02-06 14:15 0 -c--a-w c:\windows\nsreg.dat
2009-02-06 10:39 . 2003-04-24 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2003-04-24 02:00 56832 ----a-w c:\windows\system32\secur32.dll
2004-08-19 23:10 . 2006-08-16 18:33 73728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-08 32768]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-07 66864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 335872]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-06 90112]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 188416]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-07 53096]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 29744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-06 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-10 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-7 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-08 29744]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2004-03-18 27008]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - Automatic LiveUpdate Scheduler
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - irda
*Deregistered* - Irmon
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LiveUpdate
*Deregistered* - LiveUpdate Notice Service
*Deregistered* - LmHosts
*Deregistered* - LVCOMSer
*Deregistered* - LVPr2Mon
*Deregistered* - LVPrcSrv
*Deregistered* - LVUSBSta
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - navapsvc
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NPFMntor
*Deregistered* - Npfs
*Deregistered* - NSCService
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasirda
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNDSrvc
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec Core LC
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - symlcbrd
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contenu du dossier 'Tâches planifiées'

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-30 c:\windows\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Sarah Jacquier.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-09-23 11:00]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{1E65F71B-8749-4312-BD6D-FE1CC35260BA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]

2009-05-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://internet.sunrise.ch/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sarah Jacquier\Application Data\Mozilla\Firefox\Profiles\rx75teia.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 18:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?3?1??`???? ???B???????????????B? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(7636)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Heure de fin: 2009-05-01 19:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 19:15

Avant-CF: 3'232'751'616 octets libres
Après-CF: 3'127'517'184 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP �dition familiale" /fastdetect /NoExecute=OptIn

373 --- E O F --- 2009-04-24 03:04