ComboFix 09-06-26.02 - Lherbier 28/06/2009 17:56.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1014.794 [GMT 2:00]
Lancé depuis: c:\documents and settings\Lherbier\Bureau\CCM.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914
c:\documents and settings\All Users\Application Data\10623914\10623914.exe
c:\documents and settings\Lherbier\Application Data\digifast
c:\documents and settings\Lherbier\Application Data\digifast\config.cfg
c:\documents and settings\Lherbier\Application Data\digifast\DFUninstall.exe
c:\documents and settings\Lherbier\Application Data\wiaserva.log
c:\documents and settings\Lherbier\Application Data\wiaservg.log
c:\documents and settings\Lherbier\Bureau\System Security 2009.lnk
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lherbier\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Jcore
c:\program files\Jcore\Jcore2.dll
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\program files\WWShow
c:\windows\Install.txt
c:\windows\KBPK090628.log
c:\windows\svhost.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\ac242696.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\Install.txt
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\msncache.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wiawow32.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_dhcpsrv
-------\Service_msncache
-------\Service_Performance Monitor
-------\Service_sopidkc
-------\Service_ac242696
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-28 ))))))))))))))))))))))))))))))))))))
.
2009-06-28 12:51 . 2009-06-28 15:03 -------- d-----w- c:\windows\DLL
2009-06-28 12:50 . 2009-06-28 12:50 86016 ----a-w- c:\windows\system32\lich.exe
2009-06-28 12:49 . 2009-06-28 12:49 12288 ----a-w- c:\windows\xfjfjdriri64u53qggrhy3axx81.exe
2009-06-28 12:49 . 2009-06-28 16:02 -------- d-sh--r- c:\program files\Manson
2009-06-28 12:48 . 2009-06-28 12:48 28672 ----a-w- C:\xesrtex.exe
2009-06-28 12:48 . 2009-06-28 12:48 211290 ----a-w- C:\nxqc.exe
2009-06-28 12:47 . 2009-06-28 12:47 494592 ----a-w- c:\windows\liel.exe
2009-06-23 11:08 . 2009-06-23 11:08 13824 ----a-w- c:\documents and settings\Lherbier\Application Data\cft\cft.exe
2009-06-23 11:08 . 2009-06-23 11:08 -------- d-----w- c:\documents and settings\Lherbier\Application Data\cft
2009-06-23 10:57 . 2009-06-28 13:29 -------- d-----w- c:\documents and settings\Lherbier\Application Data\pridl
2009-06-23 10:57 . 2009-06-28 10:22 11264 ----a-w- c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe
2009-06-21 16:31 . 2009-06-27 10:37 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\AskToolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask.com
2009-06-21 16:31 . 2009-06-28 12:52 -------- d-----w- c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\program files\Ask & Record Toolbar
2009-06-21 16:31 . 2009-06-21 16:31 -------- d-----w- c:\windows\Ask & Record Toolbar
2009-06-01 15:11 . 2009-06-01 15:11 -------- d-----w- c:\program files\DVD Decrypter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\documents and settings\Lherbier\Application Data\CamfrogWEB
2009-06-27 10:31 . 2009-02-18 13:16 -------- d-----w- c:\program files\CFWebAdvancedU
2009-06-15 11:24 . 2009-01-05 12:47 -------- d-----w- c:\documents and settings\Lherbier\Application Data\uTorrent
2009-06-02 10:44 . 2005-11-26 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 14:59 . 2005-11-26 12:44 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-06-01 14:58 . 2005-11-26 12:30 65288 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 14:29 . 2006-01-11 17:03 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-01 14:00 . 2009-01-31 02:54 -------- d-----w- c:\program files\Dofus
2009-06-01 13:59 . 2006-01-12 20:47 -------- d-----w- c:\program files\YDKJWIN
2009-06-01 13:57 . 2007-07-21 11:40 -------- d-----w- c:\program files\Firefly Studios
2009-06-01 13:55 . 2007-07-21 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-06-01 13:31 . 1980-01-01 08:00 76582 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-01 13:31 . 1980-01-01 08:00 471484 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-26 20:11 . 2009-05-14 05:04 3282755 ---h--r- c:\documents and settings\Lherbier\Application Data\WindowsLive.exe
2009-05-26 20:11 . 2009-05-14 05:04 3282755 ---h--r- c:\documents and settings\Lherbier\Application Data\WindowsLive.exe
2009-05-07 15:43 . 1980-01-01 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 1980-01-01 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2005-11-26 12:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 20:17 . 2009-04-28 19:22 408 ----a-w- c:\documents and settings\Lherbier\errorlog.tmp
2009-04-19 20:09 . 1980-01-01 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:17 . 1980-01-01 08:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-03-16 00:10 . 2009-01-08 11:59 23370 ----a-w- c:\program files\Illustrator CS3 — Lisez-moi.html
2004-04-09 13:13 . 2007-04-29 16:39 114688 ----a-w- c:\program files\NETGEAR DG632 USB Driveruninstalldrv.exe
.
------- Sigcheck -------
[7] 2004-08-20 00:10 14336 2979B03D5382A602623C0535B16AB9C0 c:\windows\system32\svchost.exe
[7] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:50 579072 4D88AAF39ADABFE45958EA1384E2C4FF c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-20 00:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2007-03-08 15:37 578560 753354F594809A9B96F73999B435A533 c:\windows\system32\user32.dll
[7] 2007-03-08 15:37 578560 753354F594809A9B96F73999B435A533 c:\windows\system32\dllcache\user32.dll
[7] 2004-08-20 00:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\system32\ws2_32.dll
[7] 2005-10-21 03:39 665600 D327378CEEF9A141C7352691FC30A0DA c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 04:00 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:26 667648 44FCC339191ADB8892520DFA473C455F c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-06-23 11:25 668672 582953780721AC5D38F98CAB229EC7B9 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2006-09-14 08:38 668672 B8B6F05885A6F42724E8D6BFEDE6BD3F c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[7] 2007-03-23 09:29 823296 375B58A68A016546535A84060092325C c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 08:26 823808 47DDAD237F60729DEA2B9E0E2382B58F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:14 824320 7201D19B81883B57D5FFE8EBB5A83E8B c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 09:49 825344 2DD1B0F579C80562EDCB8848FF7EA9F6 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:22 825344 871AE10D6AE8877E9636AE5017953D52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:33 827904 37D1A1BFE3D9904F2C3D11592456F9C0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:47 827904 4E192082A5FCE9EF19198A24CDEA3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:15 828416 39F71B559A97ED722F939A0EA7235323 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:37 828928 754097815B575A721AB58B1C55476805 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-20 00:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:41 662528 E41E8FDF62CF20F2E2B16D800D96EB51 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:35 662528 19E1A21F21BC938A92EE8BE630994493 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:11 663040 4F343F414F05E81CF61B1001634FC6B7 c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-09-14 08:40 663040 B1E994472F3574DB141266F1AA905433 c:\windows\ie7\wininet.dll
[7] 2006-11-07 20:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 08:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-02-27 13:26 822784 75DE73E328E300CAED5965FAEA2F5D3F c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 07:40 822784 2C138AB59E2FFA06E8952AE656E443C5 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 13:24 823808 2274862267D7445E7010D9AF826E89C3 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 09:59 824832 F6DFCEED3A7AA4C9EEB966D3F1ADC70A c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:49 824832 BC5119C53BDD48DABC628D448A3BDCCB c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:18 826368 CFBFA47415E85018E2CDC509E5E3D011 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:13 826368 68A2567FDD62AE7E31D8A885C5173EF9 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2009-04-29 04:45 827392 08EFECB3F17F38F23F14148D374ACBC9 c:\windows\system32\wininet.dll
[7] 2009-04-29 04:45 827392 08EFECB3F17F38F23F14148D374ACBC9 c:\windows\system32\dllcache\wininet.dll
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 07:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-12-26 14:37 359808 A938AD950B872200851574E9EBAC8535 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-03-12 17:43 359808 6EC61BD19B85B461B2F2088EE4C22F43 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-20 00:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\system32\winlogon.exe
[-] 2009-06-28 16:13 212480 0B4ACD7FCC288B59FA48AEC37856D012 c:\windows\system32\dllcache\ndis.sys
[-] 2009-06-28 16:13 212480 0B4ACD7FCC288B59FA48AEC37856D012 c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 07:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[7] 2004-08-04 07:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[7] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2006-12-19 18:45 2061440 8B039EFBE4C9AA23F152FFA0E238B8FA c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 16:08 2061440 7A56A64EB50399613587E90292DD2AAB c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 11:42 2065024 0150FE5C1E07F8AE422FEC6C8E8A0C98 c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-09 11:17 2068224 ED5E20AE4AC5A63A4FF43FFE704A5153 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 13:39 2065024 DCBC1A6D150B5EE1BD6257186157B0F3 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 18:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2004-08-20 00:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2006-12-19 18:22 2059648 06015D137B02542F07D5CD7B144DF942 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2007-02-28 16:02 2059648 A1D5231403329478AE4FE2778C55C77F c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2006-12-19 18:45 2184064 1F3FA2065E6E043A1D82A487B5DA309C c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 16:08 2184192 8E244108562E0E452EB68DFF64CB08A9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 11:43 2188160 B55AA66BC9269BC5257B915FFDAA790B c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-10 17:16 2191232 BEF458B8424553279E95E250D1E0CE7E c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 13:39 2188032 C6649255E51F145B6E15C505AB68E459 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 18:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2004-08-20 00:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2006-12-19 18:22 2182400 D27929DB7B7F92F9D0F8EC9BA01C601C c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2007-02-28 16:02 2182400 7D6D19AAC51A4325F6039F083C22303C c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-06-13 13:22 1037312 D0288319660EDCFED07C7E74C4EA38A5 c:\windows\explorer.exe
[-] 2007-06-13 13:10 1037312 2C85126ECB07B4B5BE414B80798E9F72 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-20 00:09 1036288 9557692F15316457B83EEC5C2831125A c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 13:22 1037312 2213A157D137B9F28EB96058E186EBFB c:\windows\system32\dllcache\explorer.exe
[-] 2009-02-09 09:53 111104 EEFFC14B162A2B42CFF67AEE6EF1D5E6 c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-09 11:23 111104 CFB7913977E16CA47257F36D97F89146 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 11:16 111104 45F800D8CBF23B6B41AF87F937C73856 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-20 00:10 108544 514E49F883229828E7E9698E9E47FE31 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-09 10:08 111104 9D6BF82FE50D55F20F8E10E0F6653886 c:\windows\system32\services.exe
[-] 2009-02-09 10:08 111104 C1D76059ADB2383190C30F9231738D07 c:\windows\system32\dllcache\services.exe
[7] 2004-08-20 00:09 13312 259AF82A0932EEA4F316F92DB94707B6 c:\windows\system32\lsass.exe
[7] 2004-08-20 00:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 DC7720928E90A3A94E07654C24868444 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-20 00:10 57856 F8F37CB01C43F44AA608BBF4E78364FB c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[-] 2004-08-20 00:10 45056 99B545B2F56646CDD5F3EB2C2A35CF22 c:\windows\system32\userinit.exe
[7] 2004-08-20 00:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\system32\termsrv.dll
[7] 2006-07-05 10:58 1050112 FB85EF2A6713E3A58A497E093626B93C c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:11 1051136 62E3F0E9ABFCBCEE62C51546F622C455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:58 1054208 2087E2764822A8D93A4CA7FA0FED35E8 c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:07 1054720 98F08549604D090B6B2514AF845F329F c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 14:00 1056768 C3AF0EEE26B59484E674673E3016AAB7 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-20 00:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:56 1049088 CE4AF1FA47A29ADF97CB107775CE395C c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:53 1049600 6F1FE2AE7B22EB9CED1BFF533C9455EA c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:20 1051136 534040750B9E70B156A98F5D0E8F6D2A c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:20 1051136 534040750B9E70B156A98F5D0E8F6D2A c:\windows\system32\dllcache\kernel32.dll
[7] 2004-08-20 00:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\system32\powrprof.dll
[7] 2004-08-20 00:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\system32\imm32.dll
[7] 2004-08-20 00:09 1548288 6D8F3AC555E3F8A569AA9B2A817698C1 c:\windows\system32\sfcfiles.dll
[7] 2004-08-20 00:09 176640 7E9D138DC991BCCE6E6026CD74E69CC4 c:\windows\system32\appmgmts.dll
[7] 2004-08-20 00:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Windows Live"="c:\documents and settings\Lherbier\Application Data\WindowsLive.exe" [2009-05-26 3282755]
"cft"="c:\documents and settings\Lherbier\Application Data\cft\cft.exe" [2009-06-23 13824]
"pridl"="c:\documents and settings\Lherbier\Application Data\pridl\pridl.exe" [2009-06-28 11264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-27 180269]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"LIEL"="c:\windows\liel.exe" [2009-06-28 494592]
"SVHOST"="c:\windows\svhost.exe" [2009-06-28 494592]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-06-28 47104]
"15031534"="c:\documents and settings\All Users\Application Data\15031534\15031534.exe" [2009-06-28 1461830]
"S3TRAY2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-20 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
"reader_s"="c:\documents and settings\Lherbier\reader_s.exe" [2009-06-28 20480]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-7 131072]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-12-15 1032192]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-26 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-11 135168]
c:\documents and settings\Lherbier\Menu Démarrer\Programmes\Démarrage\
fmnupd32.exe [2004-8-20 50909]
zqosys32.exe [2004-8-20 52052]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 11:07 262144 ----a-w- c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Lherbier\\Mes documents\\Programmes\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [26/11/2005 14:53 16384]
R2 EraserSvc10732;Symantec Eraser Service;c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe [03/09/2006 01:04 108648]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [24/09/2004 03:39 64256]
R2 lich;lich;c:\windows\system32\lich.exe [28/06/2009 14:50 86016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2007 21:50 112688]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 10:00 13904]
S2 xfjfjdriri64u53qggrhy3axx80;xfjfjdriri64u53qggrhy3axx80;c:\windows\xfjfjdriri64u53qggrhy3axx81.exe [28/06/2009 14:49 12288]
S3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\HDJCTRL.sys [06/09/2007 18:59 11008]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [06/09/2007 18:59 39424]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [25/02/2003 19:06 802683]
S3 pcidisk;pcidisk;c:\windows\system32\pcidisk.sys [01/01/1980 10:00 2304]
S3 protect;protect;c:\windows\system32\drivers\protect.sys --> c:\windows\system32\drivers\protect.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [26/11/2005 14:50 12288]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [17/04/2009 20:59 16640]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - egathdrv
.
Contenu du dossier 'Tâches planifiées'
2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-06-05 c:\windows\Tasks\Norton AntiVirus - Analyse système complète - Lherbier.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-06 21:38]
2009-06-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 16:04]
2009-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
HKCU-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKCU-Run-DigiFast - c:\documents and settings\Lherbier\Application Data\digifast\digifast.exe
HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe
HKLM-Run-Windows Intranet controller - c:\windows\security\lsass.exe
HKLM-Run-10623914 - c:\documents and settings\All Users\Application Data\10623914\10623914.exe
HKLM-Run-UC_SMB - (no file)
SharedTaskScheduler-{D76AB2A1-00F3-42BD-F434-00BBC39C8953} - c:\windows\system32\gsf83iujid.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lherbier\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: chat-land.org
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-28 18:07
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\B.tmp 84 bytes
c:\documents and settings\Lherbier\Application Data\wiaserva.log 8 bytes
c:\documents and settings\Lherbier\Application Data\wiaservg.log 12 bytes
Scan terminé avec succès
Fichiers cachés: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5f558821]
"ImagePath"="\SystemRoot\System32\drivers\5f558821.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(4900)
c:\documents and settings\Lherbier\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\HPZipm12.exe
c:\docume~1\Lherbier\LOCALS~1\temp\LiveProfile.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Heure de fin: 2009-06-28 18:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-28 16:17
Avant-CF: 7 806 320 640 octets libres
Après-CF: 8 368 746 496 octets libres
446 --- E O F --- 2009-06-11 11:28