
[Solved] Win 32 trojan gen other


Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

    re, and thanks for your help ^^ here is the report


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-05-09 22:34:18
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (15%) free of 15 GB
    Total RAM: 1023 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:39, on 09/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Bureau\RSIT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{271308C6-CD83-4B7D-A0B4-B93D598918E4}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81DF945F-FB70-4A8E-90FA-E4E6593AA7B2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9325 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job
    C:\WINDOWS\tasks\XoftSpySE 2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
    C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-27 1194496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-27 1194496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-30 86016]
    "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 696320]
    "SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-03-03 2233856]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-06-01 573440]
    "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-12 774233]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "avast!"=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "ZoneAlarm Client"=d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-06-21 919016]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Lsass Service"=C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe [2009-05-09 65024]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-03-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "MemCheckBoxInRunDlg"=1
    "NoSMBalloonTip"=1
    "NoDesktopCleanupWizard"=1
    "NoWelcomeScreen"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temp\IXP000.TMP\Zone Alarm Pro.exe"="C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temp\IXP000.TMP\Zone Alarm Pro.exe:*:Enabled:C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\IXP000.TMP\Zone Alarm Pro.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0315b958-096f-11de-a2d9-0018f3004528}]
    shell\Auto\command - auto.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d43d830-1620-11de-a302-d1c3ec9559e9}]
    shell\AutoRun\command - WDSetup.exe


    ======List of files/folders created in the last 1 months======

    2009-05-09 22:34:18 ----D---- C:\rsit
    2009-05-09 21:07:34 ----D---- C:\WINDOWS\CSC
    2009-05-09 21:07:22 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-05-09 18:50:32 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-09 16:47:16 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
    2009-05-09 16:47:06 ----A---- C:\WINDOWS\system32\vsregexp.dll
    2009-05-09 16:47:06 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
    2009-05-09 16:46:55 ----A---- C:\WINDOWS\system32\zlcommdb.dll
    2009-05-09 16:46:55 ----A---- C:\WINDOWS\system32\zlcomm.dll
    2009-05-09 16:46:47 ----A---- C:\WINDOWS\system32\vswmi.dll
    2009-05-09 16:46:39 ----A---- C:\WINDOWS\system32\zpeng24.dll
    2009-05-09 16:46:37 ----A---- C:\WINDOWS\system32\vsxml.dll
    2009-05-09 16:46:31 ----A---- C:\WINDOWS\system32\vspubapi.dll
    2009-05-09 16:46:29 ----A---- C:\WINDOWS\system32\vsmonapi.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsutil.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsinit.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsdata.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\MSVCP71.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\MFC71.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-05-09 15:26:15 ----A---- C:\WINDOWS\system32\gxvxchcenwjdkjsnapltdotxeupawuvxednta.dll
    2009-05-09 15:25:42 ----A---- C:\WINDOWS\system32\SYS32DLL.exe
    2009-05-09 15:25:42 ----A---- C:\SYS32DLL.bat
    2009-05-09 15:25:41 ----A---- C:\WINDOWS\st_1241885842.exe
    2009-05-09 15:25:40 ----D---- C:\WINDOWS\system32\796525
    2009-05-08 14:09:49 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Media Player Classic
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-22 18:26:42 ----D---- C:\WINDOWS\system32\AGEIA
    2009-04-22 18:26:40 ----D---- C:\Program Files\AGEIA Technologies
    2009-04-22 18:23:23 ----D---- C:\NVIDIA
    2009-04-21 12:36:00 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-04-21 12:36:00 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-04-21 12:35:57 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-04-21 12:35:56 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-04-21 12:35:56 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-04-21 12:35:55 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-04-21 12:35:54 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-04-21 12:35:52 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-04-21 12:35:52 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-04-21 12:35:49 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-04-21 12:35:48 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-04-21 12:35:48 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-04-21 12:35:47 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-04-21 12:35:46 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-04-21 12:35:45 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-04-21 12:35:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-04-21 12:35:44 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-04-21 12:35:42 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-04-21 12:35:42 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-04-21 12:35:40 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-04-21 12:35:39 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-04-21 12:35:38 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-04-21 12:35:37 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-04-21 12:35:36 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-04-21 12:35:34 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-04-21 12:35:34 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-04-21 12:35:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-04-17 18:52:05 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\LG Electronics
    2009-04-17 15:18:53 ----D---- C:\Program Files\LG Electronics
    2009-04-17 15:17:39 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\InstallShield

    ======List of files/folders modified in the last 1 months======

    2009-05-09 22:34:09 ----D---- C:\WINDOWS\Temp
    2009-05-09 22:29:27 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-09 22:28:50 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\OpenOffice.org2
    2009-05-09 22:02:28 ----D---- C:\WINDOWS\Internet Logs
    2009-05-09 21:53:52 ----D---- C:\WINDOWS
    2009-05-09 21:53:52 ----AD---- C:\WINDOWS\system32
    2009-05-09 21:41:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-05-09 20:56:55 ----D---- C:\WINDOWS\system32\drivers
    2009-05-09 19:48:18 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-09 18:12:27 ----D---- C:\Program Files\Spyware Terminator
    2009-05-09 17:54:58 ----D---- C:\WINDOWS\system32\config
    2009-05-09 16:47:23 ----D---- C:\WINDOWS\system32\ZoneLabs
    2009-05-09 15:25:38 ----SHD---- C:\RECYCLER
    2009-05-09 15:22:11 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Spyware Terminator
    2009-05-09 12:45:40 ----D---- C:\WINDOWS\Prefetch
    2009-05-09 12:00:54 ----SHD---- C:\WINDOWS\Installer
    2009-05-09 12:00:41 ----HD---- C:\Config.Msi
    2009-05-09 10:07:34 ----D---- C:\Program Files\BitSpirit
    2009-05-09 10:07:18 ----D---- C:\Program Files\Fichiers communs\BitSpirit
    2009-05-08 19:05:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
    2009-05-08 14:15:49 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-05-08 10:30:03 ----D---- C:\Program Files\Java
    2009-05-04 20:21:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-05-04 14:36:08 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\dvdcss
    2009-04-28 22:47:38 ----HD---- C:\LG3G
    2009-04-28 22:36:16 ----HD---- C:\WINDOWS\inf
    2009-04-22 18:30:05 ----D---- C:\WINDOWS\nview
    2009-04-22 18:30:05 ----D---- C:\WINDOWS\Help
    2009-04-22 18:26:27 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-04-22 18:25:11 ----D---- C:\WINDOWS\system32\dllcache
    2009-04-21 12:36:02 ----D---- C:\WINDOWS\system32\DirectX
    2009-04-20 18:06:12 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-17 15:18:53 ----RD---- C:\Program Files
    2009-04-17 00:21:25 ----D---- C:\Program Files\WinClamAVShield
    2009-04-16 00:20:35 ----D---- C:\WINDOWS\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-06-21 394984]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-03 21425]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-03-31 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-03-18 14080]
    R3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-18 5632]
    R3 NETw3x32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-03-31 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-30 6250848]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-02 67584]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-06-01 894336]
    R3 SynMini;USB2.0 VGA WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-03 1056512]
    R3 SynScan;USB2.0 VGA WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-30 8064]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-12 193056]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-03-18 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-03-18 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-03-18 20480]
    S3 a9bx11dd;a9bx11dd; C:\WINDOWS\system32\drivers\a9bx11dd.sys []
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-21 142848]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-03-18 17024]
    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-03-18 9600]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-18 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-03-18 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-03-18 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-03-18 10880]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2007-03-18 20992]
    S3 SaiHA503;SaiHA503; C:\WINDOWS\system32\DRIVERS\SaiHA503.sys [2007-05-01 132232]
    S3 SaiLA503;SaiLA503; C:\WINDOWS\system32\DRIVERS\SaiLA503.sys [2007-05-01 15488]
    S3 SaiUA503;SaiUA503; C:\WINDOWS\system32\DRIVERS\SaiUA503.sys [2007-05-01 28416]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-03-18 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-03-18 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-03-18 26496]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-03-18 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-03-18 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-03-18 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-03-02 73600]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 434176]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-30 168004]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-03 540672]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-06-21 75304]
    R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix

    re, here is the report
    ComboFix 09-05-08.03 - Administrateur 09/05/2009 22:48.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.492 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur.WINXPCRA-B3127B\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\recycler\S-9-7-19-100008889-100012520-100020595-3776.com
    c:\windows\system32\gxvxchcenwjdkjsnapltdotxeupawuvxednta.dll
    c:\windows\system32\SYS32DLL.exe
    d:\recycler\S-9-7-19-100008889-100012520-100020595-3776.com

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://updateserver.info
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-09 20:34 . 2009-05-09 20:34 -------- d-----w C:\rsit
    2009-05-09 14:47 . 2009-05-09 20:29 4212 ---h--w c:\windows\system32\zllictbl.dat
    2009-05-09 14:47 . 2007-06-21 19:55 54672 ----a-w c:\windows\system32\vsutil_loc040c.dll
    2009-05-09 14:46 . 2007-06-21 19:54 1086952 ----a-w c:\windows\system32\zpeng24.dll
    2009-05-09 13:56 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
    2009-05-09 13:56 . 2003-03-18 18:14 499712 ----a-w c:\windows\system32\MSVCP71.dll
    2009-05-09 13:25 . 2009-05-09 13:25 -------- d-----r c:\documents and settings\LocalService.AUTORITE NT.000\Favoris
    2009-05-09 13:25 . 2009-05-09 13:25 1199 ----a-w C:\SYS32DLL.bat
    2009-05-09 13:25 . 2009-05-09 13:25 17408 ----a-w c:\windows\st_1241885842.exe
    2009-05-09 13:25 . 2009-05-09 15:30 -------- d-----w c:\windows\system32\796525
    2009-05-08 12:09 . 2009-05-08 12:09 -------- d-----w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Media Player Classic
    2009-04-22 16:26 . 2009-04-22 16:26 -------- d-----w c:\windows\system32\AGEIA
    2009-04-22 16:26 . 2009-04-22 16:26 -------- d-----w c:\program files\AGEIA Technologies
    2009-04-22 16:23 . 2009-04-22 16:23 -------- d-----w C:\NVIDIA
    2009-04-21 10:50 . 2009-04-21 10:50 -------- d-----w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Funcom
    2009-04-21 10:36 . 2009-03-09 13:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
    2009-04-21 10:36 . 2009-03-09 13:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
    2009-04-17 16:52 . 2009-04-17 16:52 -------- d-----w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\LG Electronics
    2009-04-17 13:18 . 2007-07-11 08:45 21632 ----a-w c:\windows\system32\drivers\lgusbmodem.sys
    2009-04-17 13:18 . 2007-07-11 13:51 19840 ----a-w c:\windows\system32\drivers\lgusbdiag.sys
    2009-04-17 13:18 . 2007-07-11 08:40 12416 ----a-w c:\windows\system32\drivers\lgusbbus.sys
    2009-04-17 13:18 . 2009-04-17 13:18 -------- d-----w c:\program files\LG Electronics
    2009-04-17 13:17 . 2009-04-17 13:17 -------- d-----w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\InstallShield

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-09 19:00 . 2009-05-09 20:02 2035200 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2009-05-09 17:39 . 2009-05-09 17:39 165094 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_05_09_18_56_22_small.dmp.zip
    2009-05-09 16:12 . 2008-04-16 08:43 -------- d-----w c:\program files\Spyware Terminator
    2009-05-09 10:45 . 2009-03-03 12:23 12680 ----a-w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-09 08:07 . 2009-03-03 22:24 -------- d-----w c:\program files\BitSpirit
    2009-05-09 08:07 . 2009-03-03 22:24 -------- d-----w c:\program files\Fichiers communs\BitSpirit
    2009-05-08 08:30 . 2006-11-13 16:47 -------- d-----w c:\program files\Java
    2009-04-22 16:26 . 2006-11-12 17:23 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-04-20 16:06 . 2006-11-19 15:36 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-16 22:21 . 2008-05-21 09:37 -------- d-----w c:\program files\WinClamAVShield
    2009-04-01 09:55 . 2006-03-02 10:00 11973 ----a-w c:\windows\system32\drivers\secdrv.sys
    2009-04-01 08:57 . 2009-04-01 08:57 -------- d-----w c:\program files\Ahead
    2009-03-30 19:47 . 2006-03-02 10:00 83484 ----a-w c:\windows\system32\perfc00C.dat
    2009-03-30 19:47 . 2006-03-02 10:00 505148 ----a-w c:\windows\system32\perfh00C.dat
    2009-03-16 12:18 . 2009-04-21 10:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 12:18 . 2009-04-21 10:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
    2009-03-16 12:18 . 2009-04-21 10:35 235352 ----a-w c:\windows\system32\xactengine3_4.dll
    2009-03-16 12:18 . 2009-04-21 10:35 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
    2009-03-11 12:03 . 2009-03-11 12:03 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-03-09 13:27 . 2009-04-21 10:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
    2009-03-09 03:19 . 2009-03-16 18:33 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-05 10:39 . 2009-03-05 10:42 90112 ----a-w c:\windows\system32\p5dll.dll
    2009-03-05 10:37 . 2009-03-05 10:37 4096 ----a-w c:\windows\d3dx.dat
    2009-03-05 10:16 . 2009-03-05 10:08 717296 ----a-w c:\windows\system32\drivers\sptd.sys
    2009-03-03 16:58 . 2009-03-03 16:58 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-03-03 12:30 . 2009-03-03 12:30 319488 ----a-w c:\windows\system32\AegisI5Installer.exe
    2009-03-03 12:30 . 2009-03-03 12:30 21425 ----a-w c:\windows\system32\drivers\AegisP.sys
    2009-03-03 12:30 . 2009-03-03 10:50 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-03-03 11:48 . 2009-03-03 11:48 0 ----a-w c:\windows\nsreg.dat
    2009-03-03 11:39 . 2009-03-03 11:39 153 ----a-w c:\documents and settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\fusioncache.dat
    2009-03-03 11:38 . 2009-03-03 11:38 2272 ----a-w c:\documents and settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-03-03 10:50 . 2006-03-02 10:00 67 --sha-w c:\windows\Fonts\desktop.ini
    2009-03-03 10:47 . 2009-03-03 10:47 21892 ----a-w c:\windows\system32\emptyregdb.dat
    2009-02-21 16:03 . 2007-04-21 16:19 26512 ----a-w c:\documents and settings\MaxXx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-09 18:56 . 2009-03-04 11:15 67584 ----a-w c:\windows\system32\ff_vfw.dll
    2007-01-10 14:24 . 2007-01-10 14:24 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2006-12-29 22:33 . 2007-04-02 12:48 4704 ----a-w c:\program files\satsukidecodersettings.ini
    2003-06-09 05:38 . 2007-02-28 11:01 106496 ----a-w c:\program files\mozilla firefox\plugins\cdrPeops.dll
    2003-07-31 21:20 . 2007-02-28 11:01 385024 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteD3D.dll
    2003-07-31 21:21 . 2007-02-28 11:01 401408 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteDX6D3D.dll
    2003-07-31 21:19 . 2007-02-28 11:01 397312 ----a-w c:\program files\mozilla firefox\plugins\gpuPeteOpenGL.dll
    2003-06-09 05:38 . 2007-02-28 11:01 77824 ----a-w c:\program files\mozilla firefox\plugins\spuPeopsDSound.dll
    .

    ------- Sigcheck -------

    [-] 2007-03-18 14:31 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys

    [-] 2007-03-20 21:36 2140672 7322182EF6E0BC440380AF9B59133DE6 c:\windows\system32\ntoskrnl.exe

    [-] 2007-04-09 09:50 2691584 5284B332F274BE2B576B2D3FB619FF37 c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 86016]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-03-03 2233856]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
    "HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-30 1657376]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-03-18 12451]
    "ShowDesktop"="shell32.dll" - c:\windows\system32\shell32.dll [2007-04-04 18590720]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2006-03-02 101888]

    c:\documents and settings\Administrateur.WINXPCRA-B3127B\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll83.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001
    "SecondLevelDataCache"=dword:00000200

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\BitSpirit\\BitSpirit.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4008:TCP"= 4008:TCP:*:Disabled:SolidNetworkManager
    "4008:UDP"= 4008:UDP:*:Disabled:SolidNetworkManager

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/05/2009 15:57 114768]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [03/03/2009 18:58 142592]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/05/2009 15:57 20560]
    R3 SynMini;USB2.0 VGA WebCam;c:\windows\system32\drivers\SynMini.sys [12/11/2006 18:40 1056512]
    R3 SynScan;USB2.0 VGA WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [12/11/2006 18:40 8064]
    S3 SaiHA503;SaiHA503;c:\windows\system32\drivers\SaiHA503.sys [01/05/2007 15:44 132232]
    S3 SaiLA503;SaiLA503;c:\windows\system32\drivers\SaiLA503.sys [01/05/2007 15:44 15488]
    S3 SaiUA503;SaiUA503;c:\windows\system32\drivers\SaiUA503.sys [01/05/2007 15:44 28416]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0315b958-096f-11de-a2d9-0018f3004528}]
    \Shell\Auto\command - auto.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d43d830-1620-11de-a302-d1c3ec9559e9}]
    \Shell\AutoRun\command - WDSetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-05-08 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 22:03]

    2009-05-09 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 12:44]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Explorer_Run-Lsass Service - c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page =
    mStart Page =
    uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    IE: Crawler Search - tbr:iemenu
    IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
    IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
    IE: ÓñÈÌØ¾«ÁéÏÂÔØ(&B)
    TCP: {271308C6-CD83-4B7D-A0B4-B93D598918E4} = 208.67.220.220,208.67.222.222
    TCP: {81DF945F-FB70-4A8E-90FA-E4E6593AA7B2} = 208.67.220.220,208.67.222.222
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    FF - ProfilePath - c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
    FF - plugin: c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 200000
    FF - user.js: content.notify.interval - 100000
    FF - user.js: content.switch.threshold - 650000
    FF - user.js: nglayout.initialpaint.delay - 300
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 22:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    Lsass Service = c:\documents and settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe??????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-05-09 22:53
    ComboFix-quarantined-files.txt 2009-05-09 20:53
    ComboFix2.txt 2008-10-03 08:04
    ComboFix3.txt 2008-09-23 09:00
    ComboFix4.txt 2007-05-20 17:46

    Avant-CF: 2 276 147 200 octets libres
    Après-CF: 2 311 684 096 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    233

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Recherche / Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility for terminating processes.

    there you go, but for the moment there are no more problems :o  I'm posting the report (and thanks again!)
    ############################## [ UsbFix V3.017 # Scan ]

    # User : Administrateur (Administrateurs) # WINXPCRA-B3127B
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 23:09:24 | 09/05/2009

    # Genuine Intel(R) CPU T2050 @ 1.60GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 6.0.2900.2180
    # Windows Firewall Status : Disabled

    # C:\ # Disque fixe local # 15,02 Go (2,17 Go free) # NTFS
    # D:\ # Disque fixe local # 78,14 Go (19,93 Go free) [Nouveau nom] # NTFS
    # E:\ # Disque CD-ROM # 530,06 Mo (0 Mo free) [DISK2] # CDFS
    # F:\ # Disque amovible # 941,92 Mo (342,79 Mo free) # FAT32
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible # 60,93 Mo (52,62 Mo free) [Carte mÚm] # FAT

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    HKCU_Main: "Start Page"=""
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="Administrateur"
    HKLM_logon: "AltDefaultUserName"="Administrateur"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM_Run: nwiz=nwiz.exe /install
    HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM_Run: Raccourci vers la page des propriétés de High Definition Audio=HDAShCut.exe
    HKLM_Run: IntelZeroConfig="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    HKLM_Run: IntelWireless="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    HKLM_Run: SpywareTerminator="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    HKLM_Run: SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    HKLM_Run: HControl=C:\WINDOWS\ATK0100\HControl.exe
    HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
    HKLM_Run: Adobe Reader Speed Launcher="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM_Run: avast!=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM_Run: ZoneAlarm Client="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    HKCU_Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! "C:\WINDOWS\system32\796525"
    H:\autorun.inf # -> fichier appelé : "H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe" ( absent ! )
    Found ! H:\autorun.inf
    Found ! H:\recycler\S-9-7-19-100008889-100012520-100020595-3776.com

    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
    Found ! HKLM\SYSTEM\CurrentControlSet\Services\GXVXCSERV.SYS
    Found ! HKLM\SYSTEM\ControlSet001\Services\GXVXCSERV.SYS

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{0315b958-096f-11de-a2d9-0018f3004528}\Shell\Auto\command
    HKCU\Software\Microsoft\....\MountPoints2\{0315b958-096f-11de-a2d9-0018f3004528}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{4d43d830-1620-11de-a302-d1c3ec9559e9}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]

    Quote:
    but for the moment there are no more problems

    ---> Your H drive is infected.

  • Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop to launch it.
  • Choose option 2 (Suppression / Removal).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    here is the report again ^^

    ############################## [ UsbFix V3.017 # Cleaning ]

    # User : Administrateur (Administrateurs) # WINXPCRA-B3127B
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 23:29:33 | 09/05/2009

    # Genuine Intel(R) CPU T2050 @ 1.60GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 6.0.2900.2180
    # Windows Firewall Status : Disabled

    # C:\ # Disque fixe local # 15,02 Go (2,17 Go free) # NTFS
    # D:\ # Disque fixe local # 78,14 Go (19,93 Go free) [Nouveau nom] # NTFS
    # E:\ # Disque CD-ROM # 530,06 Mo (0 Mo free) [DISK2] # CDFS
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible # 60,93 Mo (52,62 Mo free) [Carte mÚm] # FAT

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! "C:\WINDOWS\system32\796525"
    H:\autorun.inf # -> fichier appelé : "H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe" ( absent ! )
    Deleted ! H:\autorun.inf
    Deleted ! H:\recycler\S-9-7-19-100008889-100012520-100020595-3776.com

    ################## [ Registre # Clés Run infectieuses ]

    # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "AntiVirusOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "FirewallOverride"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
    Deleted ! HKLM\SYSTEM\CurrentControlSet\Services\GXVXCSERV.SYS
    Deleted ! HKLM\SYSTEM\ControlSet002\Services\GXVXCSERV.SYS

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{0315b958-096f-11de-a2d9-0018f3004528}\Shell\Auto\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4d43d830-1620-11de-a302-d1c3ec9559e9}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]

    [12/11/2006 17:43|--a------|0] - C:\AUTOEXEC.BAT
    [03/03/2009 12:45|--a------|327] - C:\Boot.bak
    [09/05/2009 22:48|-rahs----|397] - C:\boot.ini
    [02/03/2006 12:00|-rahs----|4952] - C:\Bootfont.bin
    [03/08/2004 23:00|--a------|263488] - C:\cmldr
    [09/05/2009 22:53|--a------|16757] - C:\ComboFix.txt
    [12/11/2006 17:43|--a------|0] - C:\CONFIG.SYS
    [03/03/2009 20:36|--a------|4128] - C:\INFCACHE.1
    [12/11/2006 17:43|-rahs----|0] - C:\IO.SYS
    [12/11/2006 17:43|-rahs----|0] - C:\MSDOS.SYS
    [02/03/2006 12:00|-rahs----|47564] - C:\NTDETECT.COM
    [02/03/2006 12:00|-rahs----|251712] - C:\ntldr
    [?|?|?] - C:\pagefile.sys
    [09/05/2009 15:25|--a------|1199] - C:\SYS32DLL.bat
    [28/04/2009 22:37|--a------|0] - C:\Tech_Vista.log
    [09/05/2009 23:33|--a------|3948] - C:\UsbFix.txt
    [06/05/2009 14:01|--a------|129] - D:\Lecteur CD.lnk
    [29/07/2004 11:40|-r-------|4693129] - E:\Data11.cab
    [29/07/2004 12:28|-r-------|490943766] - E:\Data2.cab
    [29/07/2004 12:30|-r-------|59801544] - E:\Ryzom.msi
    [27/12/2002 18:44|--ah-----|703] - F:\SETTINGS.DAT
    [22/06/2007 20:41|--a------|877936] - F:\AutoTransfer.exe
    [27/12/2002 18:44|--ah-----|4194304] - F:\STDBSTR.DAT
    [27/12/2002 18:44|--ah-----|1200] - F:\STDBSTR.IDX
    [27/12/2002 18:44|--ah-----|1931264] - F:\STDBDATA.DAT
    [27/12/2002 18:44|--ah-----|116] - F:\STDBDATA.IDX
    [27/12/2002 18:44|--ah-----|505985] - F:\RAMLIST.DAT
    [14/03/2009 00:56|--a------|3240] - F:\BOOTEX.LOG
    [02/04/2008 23:32|--a------|7061900] - F:\04 Loose Ends.mp3
    [15/06/2006 19:05|--a------|4770858] - F:\Samurai Champloo - YOU.mp3
    [27/01/2008 01:45|--a------|8163265] - F:\01 Let Go.mp3
    [16/01/2009 21:00|--a------|296] - F:\WMPInfo.xml
    [21/07/2007 23:23|--a------|6896667] - F:\05 no man's land - sufjan stevens.mp3
    [18/10/2007 16:57|--a------|3697988] - F:\ironic.mp3
    [19/06/2008 00:15|--a------|4821610] - F:\02-korn-hollow_life.mp3
    [15/06/2006 19:00|--a------|5922275] - F:\Samurai Champloo - Fly.mp3
    [12/11/2008 14:01|--a------|15176] - F:\cvmoi.odt
    [15/06/2006 19:02|--a------|4134871] - F:\Noir - Kirei Na Kanjou.mp3
    [15/06/2006 19:06|--a------|4762506] - F:\Samurai Champloo - Who's Theme.mp3
    [16/03/2006 15:47|--a------|5007488] - F:\03 Boa - Duvet (Acoustic Version).mp3
    [12/05/2008 15:54|--a------|9109632] - F:\Orbital -Hackers Soundtrack- Halcyon And On And On.mp3
    [21/07/2007 23:22|--a------|4440321] - F:\01 the winner is - mychael danna & devotchka.mp3
    [21/07/2007 23:26|--a------|8832027] - F:\08 chicago - sufjan stevens.mp3
    [15/06/2006 19:29|--a------|3128842] - F:\Samurai champloo - Sneak chamber.mp3
    [15/06/2006 18:49|--a------|4513541] - F:\Samurai champloo - the space between two worlds.mp3
    [15/06/2006 18:49|--a------|4802769] - F:\Samurai champloo - Shiki no Uta.mp3
    [27/01/2008 01:45|--a------|8933970] - F:\02 Breathe In.mp3
    [02/04/2008 23:32|--a------|10042015] - F:\08 The Walk.mp3
    [10/12/2007 19:47|--a------|9547904] - F:\40 - Banjiya Blues.mp3
    [27/01/2008 01:45|--a------|7803380] - F:\04 Must Be Dreaming.mp3
    [02/04/2008 23:32|--a------|5768485] - F:\09 Just for Now.mp3
    [15/06/2006 18:52|--a------|4915200] - F:\Kurau phantom memory - Natsukashii Umi.mp3
    [15/06/2006 19:28|--a------|3131350] - F:\Samurai champloo - New dimension.mp3
    [15/06/2006 19:25|--a------|7412911] - F:\Samurai Champloo - How You Feel.mp3
    [04/03/2007 01:37|--a------|7996598] - F:\10-korn-make_me_bad_-_in_between_days_feat._the_cure.mp3
    [15/06/2006 19:30|--a------|5943115] - F:\Samurai Champloo - Funkin.mp3
    [10/08/2008 00:04|--a------|6483636] - F:\03 - Je suis une feuille.mp3
    [15/06/2006 18:49|--a------|3235422] - F:\Samurai champloo - battlecry.mp3
    [03/04/2009 00:03|--a------|6537893] - F:\03. Korn - Chi.mp3
    [15/06/2006 18:47|--a------|4009482] - F:\Samurai champloo - aruarian dance.mp3
    [03/04/2009 00:07|--a------|6539044] - F:\05. Korn - Got The Life.mp3
    [27/01/2008 01:45|--a------|8989915] - F:\03 It's Good to Be in Love.mp3
    [03/04/2009 00:07|--a------|8358341] - F:\06. Korn - All In The Family.mp3
    [03/04/2009 00:05|--a------|7882792] - F:\07. Korn - Beg For Me.mp3
    [27/01/2008 01:46|--a------|8357820] - F:\08 Hear Me Out.mp3
    [10/12/2007 19:47|--a------|5337216] - F:\31 - Jinsei wa Belt Conveyor no Youni Nagareru.mp3
    [27/01/2008 01:47|--a------|7028500] - F:\09 Maddening Shroud.mp3
    [27/01/2008 01:45|--a------|7684810] - F:\10 Flicks.mp3
    [27/01/2008 01:45|--a------|9969370] - F:\12 Old Piano.mp3
    [27/01/2008 01:45|--a------|8369510] - F:\15 Close Up.mp3
    [03/04/2009 00:07|--a------|7738885] - F:\09. Korn - Somebody Someone.mp3
    [27/04/2009 23:41|--a------|9671738] - F:\02 Rhinoceros.mp3
    [30/04/2009 14:03|--a------|14167] - F:\lettre motiv.odt
    [03/04/2009 00:07|--a------|6126905] - F:\12. Korn - Play Me (Feat. Nas).mp3
    [05/04/2009 16:27|--a------|7797763] - F:\03. You Found Me.mp3
    [05/04/2009 16:27|--a------|9721211] - F:\04. Say When.mp3
    [05/04/2009 16:27|--a------|8284267] - F:\05. Never Say Never.mp3
    [05/04/2009 16:27|--a------|7582096] - F:\06. Where The Story Ends.mp3
    [27/04/2009 23:54|--a------|7435980] - F:\03 Drown.mp3
    [21/12/2007 18:23|--a------|11599872] - F:\RIP SLYME - 13 - Matahou Nichi Made.mp3
    [03/05/2009 23:37|--a------|12951150] - F:\12 Remember (Rip Slyme with MONGOL800).mp3
    [03/05/2009 23:39|--a------|11591836] - F:\13 ___.mp3
    [02/04/2008 23:32|--a------|6931640] - F:\01 Headlock.mp3
    [02/04/2008 23:32|--a------|7425960] - F:\02 Goodnight and Go.mp3
    [02/04/2008 23:32|--a------|8026325] - F:\03 Have You Got It in You-.mp3
    [03/05/2009 23:22|--a------|3155274] - F:\01 Introduction.mp3
    [28/04/2009 00:12|--a------|5648449] - F:\05 Today.mp3
    [28/04/2009 00:14|--a------|5272410] - F:\06 Disarm.mp3
    [28/04/2009 00:26|--a------|5092419] - F:\07 Landslide.mp3
    [28/04/2009 00:20|--a------|7092367] - F:\09 1979.mp3
    [28/04/2009 00:19|--a------|7102470] - F:\08 Bullet With Butterfly Wings.mp3
    [28/04/2009 00:26|--a------|7000612] - F:\11 Tonight, Tonight.mp3
    [28/04/2009 00:26|--a------|8053608] - F:\12 Eye.mp3
    [28/04/2009 00:26|--a------|5600816] - F:\14 Perfect.mp3
    [28/04/2009 00:22|--a------|7274641] - F:\15 The Everlasting Gaze.mp3
    [28/04/2009 00:24|--a------|7382287] - F:\16 Stand Inside Your Love.mp3
    [28/04/2009 00:26|--a------|6949824] - F:\18 [Untitled] [#].mp3
    [21/12/2007 17:52|--a------|10917888] - F:\RIP SLYME - 07 - BLUE BE-BOP.mp3
    [21/12/2007 18:12|--a------|12877824] - F:\RIP SLYME - 11 - GALAXY.mp3
    [21/12/2007 18:18|--a------|13527040] - F:\RIP SLYME - 12 - Tasogare Surround.mp3
    [21/12/2007 18:29|--a------|9808260] - F:\RIP SLYME - 06 - Tokyo Classic.mp3
    [08/07/2008 15:11|--a------|3977216] - F:\01 - EPOCH -intro-.mp3
    [08/07/2008 16:28|--a------|13766656] - F:\01 - Shizuku Ippai no Kioku.mp3
    [30/11/2006 09:50|--a------|12589056] - F:\04 - burou.mp3
    [30/11/2006 09:49|--a------|9592960] - F:\09 - Break Beats ERA.mp3
    [08/07/2008 16:54|--a------|11020288] - F:\11 - LOVE.mp3
    [08/07/2008 16:15|--a------|11413632] - F:\12 - Present.mp3
    [08/07/2008 16:16|--a------|2476160] - F:\13 - LINDA.mp3
    [30/11/2006 09:49|--a------|11509888] - F:\14 - Wonderful.mp3
    [03/05/2009 23:38|--a------|8494293] - F:\06 _____.mp3
    [03/05/2009 23:21|--a------|1934836] - F:\07 concourse1.mp3
    [03/05/2009 23:39|--a------|11640910] - F:\10 I·N·G.mp3
    [03/05/2009 23:22|--a------|2337821] - F:\11 concourse2.mp3
    [22/10/2008 16:31|--a------|57670] - H:\MeBoyBuilder.jar
    [16/06/2000 17:27|-ra------|1048576] - H:\WWW.POKEBASE.NET_Pokemon_jaune.gb
    [13/11/2007 17:01|--a------|34876] - H:\13112007.3gp
    [27/11/2008 20:22|--a------|798422] - H:\27112008.3gp
    [24/04/2008 20:56|--a------|5672164] - H:\04 - Leave Me Alone.mp3
    [09/05/2009 15:25|-rahs----|246] - H:\aautorun.inf
    [09/05/2009 16:51|-rahs----|246] - H:\aautorun.infapaapaapaapaaautorun.infa1

    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # F:\autorun.inf -> Folder created by UsbFix.
    # H:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    # -> Nothing found !

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]

    No, I never touched it; it's the old memory card from my mobile phone. I only used it to transfer photos or videos, and since I changed phones I never took the memory card out of the PC, but oh well, today's the right day for it I think lol

  • Uninstall UsbFix.

  • Start menu > Run > type combofix /u and confirm.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    c:\windows\st_1241885842.exe
    C:\SYS32DLL.bat
    H:\aautorun.inf
    H:\aautorun.infapaapaapaapaaautorun.infa1

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log

    So here is the report. Hmm, on the other hand, my desktop, my taskbar and the Start menu have disappeared now :/
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\windows\st_1241885842.exe moved successfully.
    C:\SYS32DLL.bat moved successfully.
    H:\aautorun.inf moved successfully.
    H:\aautorun.infapaapaapaapaaautorun.infa1 moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\etilqs_35lIxcXZ11zmfvNAOTM3 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\~DF57CF.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_264.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT0334f.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT03eac.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05102009_002432

    Quote:
    So here is the report. Hmm, on the other hand, my desktop, my taskbar and the Start menu have disappeared now :/

    ---> Restart your PC and that will sort itself out.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

    On restarting I got a new report; I'm posting it just in case, and I'm going to do what you told me with Malwarebytes



    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\windows\st_1241885842.exe moved successfully.
    C:\SYS32DLL.bat moved successfully.
    H:\aautorun.inf moved successfully.
    H:\aautorun.infapaapaapaapaaautorun.infa1 moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\etilqs_35lIxcXZ11zmfvNAOTM3 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\~DF57CF.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_264.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT0334f.TMP scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\ZLT03eac.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05102009_002432

    Files moved on Reboot...
    File C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\etilqs_35lIxcXZ11zmfvNAOTM3 not found!
    File C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\~DF57CF.tmp not found!
    File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    C:\WINDOWS\temp\Perflib_Perfdata_110.dat moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_264.dat not found!
    File C:\WINDOWS\temp\ZLT0334f.TMP not found!
    File C:\WINDOWS\temp\ZLT03eac.TMP not found!
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Application Data\Mozilla\Firefox\Profiles\0movmxuh.default\XUL.mfl moved successfully.

    and here is the MBAM report ^^

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2102
    Windows 5.1.2600 Service Pack 2

    10/05/2009 00:50:24
    mbam-log-2009-05-10 (00-50-24).txt

    Type de recherche: Examen rapide
    Eléments examinés: 105322
    Temps écoulé: 6 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    There you go
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-05-09 22:34:18
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (15%) free of 15 GB
    Total RAM: 1023 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:39, on 09/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    d:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Bureau\RSIT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDesktop] regsvr32 /s /i:U /n shell32.dll (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{271308C6-CD83-4B7D-A0B4-B93D598918E4}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81DF945F-FB70-4A8E-90FA-E4E6593AA7B2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9325 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job
    C:\WINDOWS\tasks\XoftSpySE 2.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
    C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-27 1194496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-02-27 1194496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-30 13594624]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-30 86016]
    "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-10-18 802816]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-10-18 696320]
    "SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-03-03 2233856]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-06-01 573440]
    "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-12 774233]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "avast!"=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "ZoneAlarm Client"=d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-06-21 919016]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Lsass Service"=C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Microsoft\Windows\lsass.exe [2009-05-09 65024]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-03-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "MemCheckBoxInRunDlg"=1
    "NoSMBalloonTip"=1
    "NoDesktopCleanupWizard"=1
    "NoWelcomeScreen"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temp\IXP000.TMP\Zone Alarm Pro.exe"="C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Local Settings\Temp\IXP000.TMP\Zone Alarm Pro.exe:*:Enabled:C:\DOCUME~1\ADMINI~1.WIN\LOCALS~1\Temp\IXP000.TMP\Zone Alarm Pro.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0315b958-096f-11de-a2d9-0018f3004528}]
    shell\Auto\command - auto.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d43d830-1620-11de-a302-d1c3ec9559e9}]
    shell\AutoRun\command - WDSetup.exe


    ======List of files/folders created in the last 1 months======

    2009-05-09 22:34:18 ----D---- C:\rsit
    2009-05-09 21:07:34 ----D---- C:\WINDOWS\CSC
    2009-05-09 21:07:22 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-05-09 18:50:32 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-09 16:47:16 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
    2009-05-09 16:47:06 ----A---- C:\WINDOWS\system32\vsregexp.dll
    2009-05-09 16:47:06 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
    2009-05-09 16:46:55 ----A---- C:\WINDOWS\system32\zlcommdb.dll
    2009-05-09 16:46:55 ----A---- C:\WINDOWS\system32\zlcomm.dll
    2009-05-09 16:46:47 ----A---- C:\WINDOWS\system32\vswmi.dll
    2009-05-09 16:46:39 ----A---- C:\WINDOWS\system32\zpeng24.dll
    2009-05-09 16:46:37 ----A---- C:\WINDOWS\system32\vsxml.dll
    2009-05-09 16:46:31 ----A---- C:\WINDOWS\system32\vspubapi.dll
    2009-05-09 16:46:29 ----A---- C:\WINDOWS\system32\vsmonapi.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsutil.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsinit.dll
    2009-05-09 16:45:38 ----A---- C:\WINDOWS\system32\vsdata.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\MSVCP71.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\MFC71.dll
    2009-05-09 15:56:50 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-05-09 15:26:15 ----A---- C:\WINDOWS\system32\gxvxchcenwjdkjsnapltdotxeupawuvxednta.dll
    2009-05-09 15:25:42 ----A---- C:\WINDOWS\system32\SYS32DLL.exe
    2009-05-09 15:25:42 ----A---- C:\SYS32DLL.bat
    2009-05-09 15:25:41 ----A---- C:\WINDOWS\st_1241885842.exe
    2009-05-09 15:25:40 ----D---- C:\WINDOWS\system32\796525
    2009-05-08 14:09:49 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Media Player Classic
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-05-08 10:30:15 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-22 18:26:42 ----D---- C:\WINDOWS\system32\AGEIA
    2009-04-22 18:26:40 ----D---- C:\Program Files\AGEIA Technologies
    2009-04-22 18:23:23 ----D---- C:\NVIDIA
    2009-04-21 12:36:00 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-04-21 12:36:00 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-04-21 12:35:57 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-04-21 12:35:56 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-04-21 12:35:56 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-04-21 12:35:55 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-04-21 12:35:54 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-04-21 12:35:52 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-04-21 12:35:52 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-04-21 12:35:49 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-04-21 12:35:48 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-04-21 12:35:48 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-04-21 12:35:47 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-04-21 12:35:46 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-04-21 12:35:45 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-04-21 12:35:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-04-21 12:35:44 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-04-21 12:35:42 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-04-21 12:35:42 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-04-21 12:35:40 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-04-21 12:35:39 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-04-21 12:35:38 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-04-21 12:35:37 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-04-21 12:35:36 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-04-21 12:35:34 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-04-21 12:35:34 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-04-21 12:35:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-04-17 18:52:05 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\LG Electronics
    2009-04-17 15:18:53 ----D---- C:\Program Files\LG Electronics
    2009-04-17 15:17:39 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\InstallShield

    ======List of files/folders modified in the last 1 months======

    2009-05-09 22:34:09 ----D---- C:\WINDOWS\Temp
    2009-05-09 22:29:27 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-09 22:28:50 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\OpenOffice.org2
    2009-05-09 22:02:28 ----D---- C:\WINDOWS\Internet Logs
    2009-05-09 21:53:52 ----D---- C:\WINDOWS
    2009-05-09 21:53:52 ----AD---- C:\WINDOWS\system32
    2009-05-09 21:41:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-05-09 20:56:55 ----D---- C:\WINDOWS\system32\drivers
    2009-05-09 19:48:18 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-09 18:12:27 ----D---- C:\Program Files\Spyware Terminator
    2009-05-09 17:54:58 ----D---- C:\WINDOWS\system32\config
    2009-05-09 16:47:23 ----D---- C:\WINDOWS\system32\ZoneLabs
    2009-05-09 15:25:38 ----SHD---- C:\RECYCLER
    2009-05-09 15:22:11 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\Spyware Terminator
    2009-05-09 12:45:40 ----D---- C:\WINDOWS\Prefetch
    2009-05-09 12:00:54 ----SHD---- C:\WINDOWS\Installer
    2009-05-09 12:00:41 ----HD---- C:\Config.Msi
    2009-05-09 10:07:34 ----D---- C:\Program Files\BitSpirit
    2009-05-09 10:07:18 ----D---- C:\Program Files\Fichiers communs\BitSpirit
    2009-05-08 19:05:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
    2009-05-08 14:15:49 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-05-08 10:30:03 ----D---- C:\Program Files\Java
    2009-05-04 20:21:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-05-04 14:36:08 ----D---- C:\Documents and Settings\Administrateur.WINXPCRA-B3127B\Application Data\dvdcss
    2009-04-28 22:47:38 ----HD---- C:\LG3G
    2009-04-28 22:36:16 ----HD---- C:\WINDOWS\inf
    2009-04-22 18:30:05 ----D---- C:\WINDOWS\nview
    2009-04-22 18:30:05 ----D---- C:\WINDOWS\Help
    2009-04-22 18:26:27 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-04-22 18:25:11 ----D---- C:\WINDOWS\system32\dllcache
    2009-04-21 12:36:02 ----D---- C:\WINDOWS\system32\DirectX
    2009-04-20 18:06:12 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-04-17 15:18:53 ----RD---- C:\Program Files
    2009-04-17 00:21:25 ----D---- C:\Program Files\WinClamAVShield
    2009-04-16 00:20:35 ----D---- C:\WINDOWS\Debug

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-06-21 394984]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-03 21425]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-10-19 12544]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-03-31 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-03-18 14080]
    R3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-18 5632]
    R3 NETw3x32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-03-31 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-30 6250848]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-02 67584]
    R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-06-01 894336]
    R3 SynMini;USB2.0 VGA WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-03 1056512]
    R3 SynScan;USB2.0 VGA WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-30 8064]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-12 193056]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-03-18 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-03-18 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-03-18 20480]
    S3 a9bx11dd;a9bx11dd; C:\WINDOWS\system32\drivers\a9bx11dd.sys []
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-21 142848]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-03-18 17024]
    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-03-18 9600]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-18 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-03-18 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-03-18 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-03-18 10880]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2007-03-18 20992]
    S3 SaiHA503;SaiHA503; C:\WINDOWS\system32\DRIVERS\SaiHA503.sys [2007-05-01 132232]
    S3 SaiLA503;SaiLA503; C:\WINDOWS\system32\DRIVERS\SaiLA503.sys [2007-05-01 15488]
    S3 SaiUA503;SaiUA503; C:\WINDOWS\system32\DRIVERS\SaiUA503.sys [2007-05-01 28416]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-03-18 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-03-18 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-03-18 26496]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-03-18 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-03-18 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-03-18 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-03-02 73600]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-10-18 434176]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-30 168004]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-10-18 327680]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-10-18 946176]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-03 540672]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-06-21 75304]
    R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    Oops, sorry, here is the right one


    info.txt logfile of random's system information tool 1.06 2009-05-09 22:34:43

    ======Uninstall list======

    -->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
    avast! Antivirus-->d:\Program Files\Alwil Software\Avast4\aswRunDll.exe "d:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BitSpirit v3.5.0.236 Stable-->"C:\Program Files\BitSpirit\unins000.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
    Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LCD-Test-->"C:\Program Files\LCD-Test\unins000.exe"
    LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
    Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Ryzom-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0869FBF1-8E72-4D1E-BDA4-B76DEF156D45} /l1036
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
    USB2.0 VGA WebCam-->C:\WINDOWS\StkUnist.exe
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    ZoneAlarm Pro-->d:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    Securitycenter WMI appears to be broken

    ======System event log======

    Computer Name: WINXPCRA-B3127B
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

    Record Number: 1424
    Source Name: Service Control Manager
    Time Written: 20090324112259.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WINXPCRA-B3127B
    Event Code: 7036
    Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

    Record Number: 1423
    Source Name: Service Control Manager
    Time Written: 20090324112259.000000+060
    Event Type: Informations
    User:

    Computer Name: WINXPCRA-B3127B
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

    Record Number: 1422
    Source Name: Service Control Manager
    Time Written: 20090324112259.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: WINXPCRA-B3127B
    Event Code: 7036
    Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

    Record Number: 1421
    Source Name: Service Control Manager
    Time Written: 20090324112259.000000+060
    Event Type: Informations
    User:

    Computer Name: WINXPCRA-B3127B
    Event Code: 7036
    Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

    Record Number: 1420
    Source Name: Service Control Manager
    Time Written: 20090324112259.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: WINXPCRA-B3127B
    Event Code: 11309
    Message: Produit : Vampire - The Masquerade Bloodlines -- Erreur 1309. Erreur lors de la lecture du fichier E:\Setup\Data\Vampire\sound\area\special\taxi\automobile.mp3. Erreur système 3. Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder.

    Record Number: 970
    Source Name: MsiInstaller
    Time Written: 20090401100320.000000+120
    Event Type: erreur
    User: WINXPCRA-B3127B\Administrateur

    Computer Name: WINXPCRA-B3127B
    Event Code: 11309
    Message: Produit : Vampire - The Masquerade Bloodlines -- Erreur 1309. Erreur lors de la lecture du fichier E:\Setup\Data\Vampire\sound\area\santa_monica\santa monica main bg.mp3. Erreur système 3. Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder.

    Record Number: 969
    Source Name: MsiInstaller
    Time Written: 20090401100319.000000+120
    Event Type: erreur
    User: WINXPCRA-B3127B\Administrateur

    Computer Name: WINXPCRA-B3127B
    Event Code: 11309
    Message: Produit : Vampire - The Masquerade Bloodlines -- Erreur 1309. Erreur lors de la lecture du fichier E:\Setup\Data\Vampire\sound\area\santa_monica\santa monica main bg.mp3. Erreur système 3. Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder.

    Record Number: 968
    Source Name: MsiInstaller
    Time Written: 20090401100317.000000+120
    Event Type: erreur
    User: WINXPCRA-B3127B\Administrateur

    Computer Name: WINXPCRA-B3127B
    Event Code: 11309
    Message: Produit : Vampire - The Masquerade Bloodlines -- Erreur 1309. Erreur lors de la lecture du fichier E:\Setup\Data\Vampire\sound\area\santa_monica\santa monica main bg.mp3. Erreur système 3. Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder.

    Record Number: 967
    Source Name: MsiInstaller
    Time Written: 20090401100316.000000+120
    Event Type: erreur
    User: WINXPCRA-B3127B\Administrateur

    Computer Name: WINXPCRA-B3127B
    Event Code: 11309
    Message: Produit : Vampire - The Masquerade Bloodlines -- Erreur 1309. Erreur lors de la lecture du fichier E:\Setup\Data\Vampire\sound\area\santa_monica\santa monica main bg.mp3. Erreur système 3. Vérifiez que ce fichier existe et que vous êtes autorisé à y accéder.

    Record Number: 966
    Source Name: MsiInstaller
    Time Written: 20090401100316.000000+120
    Event Type: erreur
    User: WINXPCRA-B3127B\Administrateur

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "tvdumpflags"=8

    -----------------EOF-----------------

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options Facultatives (Optional Settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the errors (back up the registry).


    3/

  • It is necessary to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    I advise you to replace Avast with Antivir.

    Keep MBAM. You will use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. Nevertheless, update Internet Explorer: Link

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the [Résolu] tag in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)