High-Tech Santé Médecine Droit-Finances

Auto-Entrepreneur

Comment faire ?

Rechercher : dans
Par :

Accès impossible sites anti virus et MAJ anti

Dernière réponse le 5 jui 2009 à 16:45:23 Scratch78, le 4 jui 2009 à 16:49:09 
 Signaler ce message aux modérateurs

Bonjour,

Je me suis aperçu que la mise à jour Avast ne se faisait plus (clé périmée mais impossible d'aller sur le site avst). De plus, impossible de me connecter en général aux sites anti-virus: avast, secsuer...

Ex: Firefox ne peut trouver le serveur à l'adresse www.avast.com.

Je suis sous XP, j'utilise Zone Alarm, Avast, Mozilla Firefox.

J'ai utlisé malwarebytes en mode sans echec et en mode normal, qui m'a supprimé 8 infections mais le problème demeure.

J'ai aussi tenté ccleaner, sdfix en mode sans echec, combofix, findykill, comme j'ai pu trouver ça et là que c'était utile mais rien...

Est-ce que quelq'un peut m'aider, je commence à déséspérer...

Voici un rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:33, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ludovic Sturer\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 7142 bytes



Merci d'avance pour votre précieuse aide.

Cordialement,

Configuration: Windows XP
Firefox 3.0.11

Meilleures réponses pour « Accès impossible sites anti virus et MAJ anti » dans :
Quel est le meilleur anti-virus ? VoirC'est une question qui est très souvent posée dans le forum et les débats sont très souvent animés. Certains pensent que les meilleurs anti-virus sont ceux ci-dessous : ANTIVIR AVAST AVG Gdata Bit Defender
Quel est le meilleur antivirus gratuit ? VoirLe choix d'un anti-virus reste une décision personnelle, en fonction des goûts de chacun. Voici ci-dessous une sélection des meilleurs antivirus gratuits. 1. Antivir Personal Edition 2. Avast Home 3. AVG 4. Et aussi... 4.1 Autres...
Posez votre question Répondre

1

Chiquitine29, le 4 jui 2009 à 16:55:42
  • +1

Salut ,

J'ai aussi tenté ....... combofix

Tu as son rapport ? @+

   
Répondre à Chiquitine29

2

sapnakaj, le 4 jui 2009 à 16:57:48

AVAST AVAST AVAST....
Toujours choisir Antivir.
Essaye-le et désinstalle Avast.

   
Répondre à sapnakaj

3

Scratch78, le 4 jui 2009 à 21:21:16

Voici le rapport de combofix.

Sinon, pour antivir, je veux bien tenter si je suis sur que ça peut fonctionner mais impossible de me connecter à un site d'anti-virus, j'ai dit ;-)

Si j'y arrive, quelle est la démarche: d'abord désinstaller avast puis laner antivir ?



AV: avast! antivirus 4.7.1098 [VPS 080322-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\null.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-04 au 2009-07-04 ))))))))))))))))))))))))))))))))))))
.

2009-07-04 14:16 . 2009-07-04 14:16 -------- d-----w- c:\windows\ERUNT
2009-07-04 14:10 . 2009-07-04 14:35 -------- d-----w- C:\SDFix
2009-07-04 13:53 . 2009-07-04 13:53 -------- d-----w- c:\program files\CCleaner
2009-07-04 11:06 . 2009-07-04 11:39 -------- d-----w- C:\FindyKill
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\Ludovic Sturer\Application Data\Malwarebytes
2009-07-04 06:14 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissar­my.sys
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 06:14 . 2009-07-04 06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 06:14 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 14:34 . 2005-08-31 13:41 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-07-04 14:14 . 2009-07-04 14:31 7303680 ----a-w- c:\windows\Internet Logs\xDB43.tmp
2009-07-04 14:14 . 2009-07-04 14:31 275456 ----a-w- c:\windows\Internet Logs\xDB42.tmp
2009-07-04 11:38 . 1979-12-31 22:00 77254 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-04 11:38 . 1979-12-31 22:00 472796 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-03 20:46 . 2009-07-04 05:05 65536 ----a-w- c:\windows\Internet Logs\xDB40.tmp
2009-07-03 20:46 . 2009-07-04 05:05 7263232 ----a-w- c:\windows\Internet Logs\xDB41.tmp
2009-07-03 19:20 . 2009-07-03 19:47 151040 ----a-w- c:\windows\Internet Logs\xDB3E.tmp
2009-07-03 19:20 . 2009-07-03 19:47 7259648 ----a-w- c:\windows\Internet Logs\xDB3F.tmp
2009-07-02 18:57 . 2009-07-03 16:06 135680 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2009-07-02 18:57 . 2009-07-03 16:06 7259648 ----a-w- c:\windows\Internet Logs\xDB3D.tmp
2009-07-02 07:55 . 2009-07-02 16:40 39424 ----a-w- c:\windows\Internet Logs\xDB3A.tmp
2009-07-02 07:55 . 2009-07-02 16:40 7259648 ----a-w- c:\windows\Internet Logs\xDB3B.tmp
2009-07-01 19:19 . 2009-07-02 06:44 145408 ----a-w- c:\windows\Internet Logs\xDB38.tmp
2009-07-01 19:19 . 2009-07-02 06:44 7259648 ----a-w- c:\windows\Internet Logs\xDB39.tmp
2009-07-01 07:46 . 2009-07-01 16:46 46080 ----a-w- c:\windows\Internet Logs\xDB37.tmp
2009-07-01 05:26 . 2009-07-01 07:02 68096 ----a-w- c:\windows\Internet Logs\xDB35.tmp
2009-07-01 05:26 . 2009-07-01 07:03 7259136 ----a-w- c:\windows\Internet Logs\xDB36.tmp
2009-06-30 06:37 . 2009-06-30 16:40 7258624 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-30 06:37 . 2009-06-30 16:40 37376 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-30 05:31 . 2009-06-30 06:03 28672 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-30 05:31 . 2009-06-30 06:03 7258624 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-29 17:26 . 2009-06-30 05:22 60928 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-29 10:09 . 2009-06-29 16:39 34304 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-29 10:09 . 2009-06-29 16:39 7258112 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-29 06:47 . 2009-06-29 07:11 113664 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-28 08:10 . 2009-06-28 09:21 118784 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-28 08:10 . 2009-06-28 09:21 7256064 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-27 19:33 . 2009-06-28 06:04 7256064 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-27 19:33 . 2009-06-28 06:04 605696 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-27 05:49 . 2009-06-27 06:43 31744 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-26 20:41 . 2009-06-27 05:25 241152 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-25 21:30 . 2009-06-26 05:35 31744 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-06-25 21:29 . 2009-06-26 05:35 7254528 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-06-25 20:18 . 2009-06-25 21:13 7254528 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-06-25 20:18 . 2009-06-25 21:13 155136 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-06-25 05:26 . 2009-06-25 17:21 30208 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-06-25 05:26 . 2009-06-25 17:21 7254528 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-06-24 20:00 . 2009-06-25 05:05 142336 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-06-24 05:08 . 2009-06-24 17:30 30208 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-06-24 05:08 . 2009-06-24 17:30 7254016 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-06-23 20:28 . 2009-06-24 04:42 62464 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-06-23 19:18 . 2009-06-23 19:43 139264 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-06-23 19:18 . 2009-06-23 19:44 7253504 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-06-23 07:14 . 2009-06-23 17:32 7253504 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-06-23 07:14 . 2009-06-23 17:32 42496 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-06-22 19:06 . 2009-06-23 06:36 7252992 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-06-22 19:06 . 2009-06-23 06:36 211968 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-06-22 10:47 . 2009-06-22 10:49 132096 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-06-22 10:47 . 2009-06-22 10:49 7251968 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-06-21 20:05 . 2009-06-22 05:48 166400 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-06-21 20:05 . 2009-06-22 05:48 7251968 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-06-20 11:17 . 2009-06-20 21:50 235520 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-06-20 06:35 . 2009-06-20 07:12 7249408 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-06-20 06:35 . 2009-06-20 07:12 41984 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-06-20 05:06 . 2009-06-20 05:08 49152 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-06-19 20:39 . 2009-06-20 04:24 7241216 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-06-19 20:39 . 2009-06-20 04:23 241152 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-19 17:21 . 2005-09-01 20:32 -------- d-----w- c:\documents and settings\Ludovic Sturer\Application Data\AdobeUM
2009-06-18 20:23 . 2009-06-19 17:12 313344 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-06-18 20:23 . 2009-06-19 17:12 7241216 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-06-18 06:10 . 2009-06-18 06:21 34816 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-06-18 06:10 . 2009-06-18 06:21 7240192 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-06-17 20:18 . 2009-06-18 05:27 7246848 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-06-17 20:18 . 2009-06-18 05:27 288256 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-06-17 06:10 . 2009-06-17 15:53 40448 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-06-17 06:10 . 2009-06-17 15:53 7240192 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-06-16 21:11 . 2009-06-17 05:34 7240192 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-06-16 21:11 . 2009-06-17 05:34 138240 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-16 18:51 . 2009-06-16 18:53 7243264 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-16 18:51 . 2009-06-16 18:52 169984 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-15 20:05 . 2009-06-16 05:45 207360 ----a-w- c:\windows\Internet Logs\xDB79.tmp
2009-06-15 20:05 . 2009-06-16 05:45 7242240 ----a-w- c:\windows\Internet Logs\xDB7A.tmp
2009-06-15 16:24 . 2009-06-15 16:41 7239680 ----a-w- c:\windows\Internet Logs\xDB78.tmp
2009-06-15 16:24 . 2009-06-15 16:41 58880 ----a-w- c:\windows\Internet Logs\xDB77.tmp
2009-06-14 18:52 . 2009-06-15 16:02 161280 ----a-w- c:\windows\Internet Logs\xDB75.tmp
2009-06-14 18:52 . 2009-06-15 16:02 7239680 ----a-w- c:\windows\Internet Logs\xDB76.tmp
2009-06-14 10:15 . 2009-06-14 15:48 7238144 ----a-w- c:\windows\Internet Logs\xDB74.tmp
2009-06-14 10:15 . 2009-06-14 15:48 92672 ----a-w- c:\windows\Internet Logs\xDB73.tmp
2009-06-13 09:15 . 2009-06-13 16:27 7238656 ----a-w- c:\windows\Internet Logs\xDB72.tmp
2009-06-13 09:15 . 2009-06-13 16:27 56320 ----a-w- c:\windows\Internet Logs\xDB71.tmp
2009-06-13 05:24 . 2009-06-13 08:35 7250944 ----a-w- c:\windows\Internet Logs\xDB70.tmp
2009-06-13 05:24 . 2009-06-13 08:35 243200 ----a-w- c:\windows\Internet Logs\xDB6F.tmp
2009-05-24 15:23 . 2005-03-21 08:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 17:50 . 2005-09-01 20:27 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-05-08 14:22 . 2007-04-22 05:07 -------- d-----w- c:\program files\MemoriesOnTV3
2009-05-08 05:29 . 2007-02-13 11:44 -------- d-----w- c:\program files\Google
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2006-07-05 10:56 . 1979-12-31 22:00 164746 --sha-r- c:\windows\system32\dvsxjs.dll
2006-05-03 09:06 . 2009-04-19 17:41 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-04-19 17:41 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-04-19 17:41 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-04_10.18.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-04 15:06 . 2009-07-04 15:06 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 1979-12-31 22:00 . 2009-07-04 11:38 63996 c:\windows\system32\perfc009.dat
- 1979-12-31 22:00 . 2009-04-10 18:39 63996 c:\windows\system32\perfc009.dat
+ 1979-12-31 22:00 . 2009-07-04 11:38 405446 c:\windows\system32\perfh009.dat
- 1979-12-31 22:00 . 2009-04-10 18:39 405446 c:\windows\system32\perfh009.dat
+ 2009-07-04 14:16 . 2009-07-04 14:16 159744 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat­
+ 2009-07-04 14:16 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-07-04 14:16 . 2009-07-04 14:16 159744 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-07-04 14:16 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-07-04 14:16 . 2009-07-04 14:16 7401472 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-07-04 14:16 . 2009-07-04 14:16 7401472 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2005-07-25 188459]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 755480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MPS"=c:\acer\PSM.EXE
"AGRSMMSG"=AGRSMMSG.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4974:TCP"= 4974:TCP:tnygldlj

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= c:\program files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= c:\program files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= c:\program files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"c:\\Program Files\\Messenger\\msmsgs.exe"= c:\program files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= c:\windows\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"= c:\program files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4974:TCP"= 4974:TCP:*:Enabled:tnygldlj

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [01/01/1980 76544]
S2 yjzgkc;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [01/01/1980 14336]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - TFMIWQ
*Deregistered* - tfmiwq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
yjzgkc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contenu du dossier 'Tâches planifiées'

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-08 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 07:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.free.fr/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\documents and settings\Ludovic Sturer\Application Data\Mozilla\Firefox\Profiles\a6rd7gg1.default\
FF - prefs.js: browser.startup.homepage - www.free.fr
FF - component: c:\documents and settings\Ludovic Sturer\Application Data\Mozilla\Firefox\Profiles\a6rd7gg1.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 17:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3450603700-3914315320-1958823886-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
"GlobalState"=hex:1a,c1,2b,62,40,77,53,22,a5,21,86,c7,48,7a,95,e4,2d,77,82,b2
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:61,a2,c2,2b,79,bf,a0,6c,56,26,25,
a3,80,47,01,69,de,c8,13,df,30,19,64,ae,4c,62,c6,01

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\FXSAPI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\INCRED~1\bin\IMApp.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Heure de fin: 2009-07-04 17:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-04 15:13
ComboFix2.txt 2009-07-04 10:25

Avant-CF: 59 712 929 792 octets libres
Après-CF: 59 684 184 064 octets libres

398

   
Répondre à Scratch78

4

Chiquitine29, le 4 jui 2009 à 21:43:32

Copie le texte ci-dessous :

File::
c:\windows\Internet Logs\*.tmp

Driver::
yjzgkc

NetSvc::
tfmiwq
yjzgkc
Alerter
LmHosts



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt @+

   
Répondre à Chiquitine29

5

Scratch78, le 4 jui 2009 à 22:16:00

J'ai fait ce que tu m'as dit de faire mais Combofix bloque au moment où iles t indiquer un trcu du genre:

"Analyse en cours.
Cela peut prendre environ 10 minutes mais beaucoup plus si l'ordinateur est sérieusement infecté..."

J'ai essayé en fermant toutes les applications ZA, incredimail, avast...

Fermeture puis redémarrage avec le bouton de la tour obligé...

   
Répondre à Scratch78

6

Chiquitine29, le 4 jui 2009 à 22:22:32

Recommence et sois patient cette fois ci

@+

   
Répondre à Chiquitine29

7

Scratch78, le 4 jui 2009 à 22:49:45

J'ai été patient promis (30 minutes environ) mais rien ne se passe...

   
Répondre à Scratch78

8

Scratch78, le 5 jui 2009 à 08:06:32

Youpi, ça refonctionne.

Je ne suis pas trop sensible aux solutions miracles mais il faut bien se rendre à l'évidence.

Je viens de désinstaller Avast pour le remplacer par Antivir et là, plus de pb, ça refonctionne comme avant, toutes les pages internet sont accessibles....

Et pourtant, j'ai en testé des logiciels: malwarbytes, ccleaner, combofix, findykill, sdfix...

Moralité: ne pas tjs faire confiance à son antivirus m^me quand vous avez l'impression de ne pas avoir de virus.

Merci pour ton aide chiquitine29....

   
Répondre à Scratch78

9

 sapnakaj, le 5 jui 2009 à 16:45:23

Et merci sapnakaj de m'avoir dit de remplacer AVAST par ANTIVIR, car en effet sapnakaj tes conseils sont souvent de bonne augure :)

   
Répondre à sapnakaj
Posez votre question Répondre
Ils ont besoin de votre aide