Regestre de base ne s'ouvre pas

voila rapport avira sans echec;mais quand je demare avec mode normal ,le conrol se lance nouveau, autre chose centre de sécurité declare ke avira peut etre pirimé


Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 30 avril 2009 19:54

La recherche porte sur 1038808 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Mode sans échec
Identifiant : Administrateur
Nom de l'ordinateur :UNICORNI-70B9B0

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59
Version du moteur: 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, E:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : jeudi 30 avril 2009 19:54

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'guard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'12' processus ont été contrôlés avec '12' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '66' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'E:\' <Nouveau nom>
E:\ancien\anti_virus\ks1.1.53trial_securitysuiteen.exe
[0] Type d'archive: CAB SFX (self extracting)
--> \doc\ks1.1_securitysuiteen.pdf
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
E:\ancien\essen\j2me\sun_java_wireless_toolkit-2_3-beta-windows.exe
[0] Type d'archive: CAB SFX (self extracting)
--> \Disk1\Setup.exe
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.


Fin de la recherche : jeudi 30 avril 2009 22:10
Temps nécessaire: 2:15:41 Heure(s)

La recherche a été effectuée intégralement

17011 Les répertoires ont été contrôlés
1323725 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
1323724 Fichiers non infectés
8910 Les archives ont été contrôlées
3 Avertissements
0 Consignes

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600 Service Pack 2

01/05/2009 01:21:28
mbam-log-2009-05-01 (01-21-28).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 246789
Temps écoulé: 1 hour(s), 32 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-01 02:06:07
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 510 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\www\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\www\Apache2\bin\Apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://www.menara.ma/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{644FAE3A-EFF2-43EF-A59F-F8BB72CC3189}: NameServer = 62.251.229.223 62.251.229.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\www\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

ok merci et bonne nuit moi aussi je vais allé a demain alors bonn nuit

remarque ya maintenant deux jour avec wintool boutton edit regedit,ouvre le registre, autre chose ,avira n'apparait pas sur barre de tache, ne se lance pas au demarage, et voire même le centre de securité windows declare que avira peut etre pirimé,
voila les rapport demandés ,en attendnt oad,que j'ai lancé apres choix de 6 et validation mais rien n'est affiché pour dire qu'il travail;
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
................................................
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job moved successfully.
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d2f62b-df26-11dc-ad98-4d6564696130}\shell\AutoRun\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d2f62b-df26-11dc-ad98-4d6564696130}\shell\explore\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d2f62b-df26-11dc-ad98-4d6564696130}\shell\open\command\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue SpeedUpMyPC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R8TQ9FOM\opensearch[1].xml scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\JT4LSFBF\affich-12250682-regestre-de-base-ne-s-ouvre-pas[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FGQ7FJOM\B41KCAOOS1GXCAM0T274CAUIVKP8CA47KWF8CAFCYNLWCAXNWLR0CAO795QRCAXB6ETYCAU4IWNDCAW3KMI8CA8Y0DY8CA9FVK6TCAIVVXKKCAKQ6OX1CAJO3894CA422BQJCA0DPC78CAEFUSU8.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FGQ7FJOM\EU1MCA60RD0BCACN8O8ICAP06TJCCAPMUNQCCA8ZXJIFCAOB1DRMCAN9JCFWCA5JFATBCATS1H5LCAPPN11ICANFK56MCA0O9G00CA03YBSBCA4PGHZSCAB9CKSFCAGYRWG1CAB6R35HCA2CDLPA.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6HYLXPKP\favicon[2].ico scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_102119

Files moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R8TQ9FOM\opensearch[1].xml moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\JT4LSFBF\affich-12250682-regestre-de-base-ne-s-ouvre-pas[1].htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FGQ7FJOM\B41KCAOOS1GXCAM0T274CAUIVKP8CA47KWF8CAFCYNLWCAXNWLR0CAO795QRCAXB6ETYCAU4IWNDCAW3KMI8CA8Y0DY8CA9FVK6TCAIVVXKKCAKQ6OX1CAJO3894CA422BQJCA0DPC78CAEFUSU8.htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FGQ7FJOM\EU1MCA60RD0BCACN8O8ICAP06TJCCAPMUNQCCA8ZXJIFCAOB1DRMCAN9JCFWCA5JFATBCATS1H5LCAPPN11ICANFK56MCA0O9G00CA03YBSBCA4PGHZSCAB9CKSFCAGYRWG1CAB6R35HCA2CDLPA.htm moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6HYLXPKP\favicon[2].ico moved successfully.
...............................................................................................
Fichier slootniw01.dll reçu le 2009.05.01 12:36:27 (CET)Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.01 -
AhnLab-V3 5.0.0.2 2009.05.01 -
AntiVir 7.9.0.160 2009.04.30 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.04.30 -
Avast 4.8.1335.0 2009.04.30 -
AVG 8.5.0.327 2009.05.01 -
BitDefender 7.2 2009.05.01 -
CAT-QuickHeal 10.00 2009.04.30 -
ClamAV 0.94.1 2009.05.01 -
Comodo 1141 2009.04.29 -
DrWeb 4.44.0.09170 2009.05.01 -
eSafe 7.0.17.0 2009.04.30 -
eTrust-Vet 31.6.6484 2009.04.30 -
F-Prot 4.4.4.56 2009.04.30 -
F-Secure 8.0.14470.0 2009.05.01 -
Fortinet 3.117.0.0 2009.05.01 -
GData 19 2009.05.01 -
Ikarus T3.1.1.49.0 2009.05.01 -
K7AntiVirus 7.10.720 2009.04.30 -
Kaspersky 7.0.0.125 2009.05.01 -
McAfee 5601 2009.04.30 -
McAfee+Artemis 5601 2009.04.30 -
McAfee-GW-Edition 6.7.6 2009.04.30 -
Microsoft 1.4602 2009.05.01 -
NOD32 4048 2009.05.01 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.01 -
Panda 10.0.0.14 2009.05.01 -
PCTools 4.4.2.0 2009.04.30 -
Prevx1 3.0 2009.05.01 -
Rising 21.27.41.00 2009.05.01 -
Sophos 4.41.0 2009.05.01 -
Sunbelt 3.2.1858.2 2009.05.01 -
Symantec 1.4.4.12 2009.05.01 -
TheHacker 6.3.4.1.317 2009.04.30 -
TrendMicro 8.950.0.1092 2009.05.01 -
VBA32 3.12.10.4 2009.05.01 -
ViRobot 2009.5.1.1717 2009.05.01 -
VirusBuster 4.6.5.0 2009.04.30 -

Information additionnelle
File size: 28 bytes
MD5...: 8b929b44cb17467be63b264abf917900
SHA1..: 80deb371c93a0b19afd5d352c66ad180574db8a4
SHA256: 393929d1aaedc2b97ac49ed4cabd806c6b25af982a9d357b91fc62842382e5f0
SHA512: 5240e4c5083995c01b0ffabe16eb366242cb62b306b8094bc737996318a4cadb<BR>e146b98b919a3c35ff3a4000a5fa6e920306b8cdb0a10d17dd31875d2a097d8b
ssdeep: 3:ZsEoviEYA:ZnovYA<BR>
PEiD..: -
TrID..: File type identification<BR>Generic INI configuration (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.01 -
AhnLab-V3 5.0.0.2 2009.05.01 -
AntiVir 7.9.0.160 2009.04.30 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.04.30 -
Avast 4.8.1335.0 2009.04.30 -
AVG 8.5.0.327 2009.05.01 -
BitDefender 7.2 2009.05.01 -
CAT-QuickHeal 10.00 2009.04.30 -
ClamAV 0.94.1 2009.05.01 -
Comodo 1141 2009.04.29 -
DrWeb 4.44.0.09170 2009.05.01 -
eSafe 7.0.17.0 2009.04.30 -
eTrust-Vet 31.6.6484 2009.04.30 -
F-Prot 4.4.4.56 2009.04.30 -
F-Secure 8.0.14470.0 2009.05.01 -
Fortinet 3.117.0.0 2009.05.01 -
GData 19 2009.05.01 -
Ikarus T3.1.1.49.0 2009.05.01 -
K7AntiVirus 7.10.720 2009.04.30 -
Kaspersky 7.0.0.125 2009.05.01 -
McAfee 5601 2009.04.30 -
McAfee+Artemis 5601 2009.04.30 -
McAfee-GW-Edition 6.7.6 2009.04.30 -
Microsoft 1.4602 2009.05.01 -
NOD32 4048 2009.05.01 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.01 -
Panda 10.0.0.14 2009.05.01 -
PCTools 4.4.2.0 2009.04.30 -
Prevx1 3.0 2009.05.01 -
Rising 21.27.41.00 2009.05.01 -
Sophos 4.41.0 2009.05.01 -
Sunbelt 3.2.1858.2 2009.05.01 -
Symantec 1.4.4.12 2009.05.01 -
TheHacker 6.3.4.1.317 2009.04.30 -
TrendMicro 8.950.0.1092 2009.05.01 -
VBA32 3.12.10.4 2009.05.01 -
ViRobot 2009.5.1.1717 2009.05.01 -
VirusBuster 4.6.5.0 2009.04.30 -

Information additionnelle
File size: 28 bytes
MD5...: 8b929b44cb17467be63b264abf917900
SHA1..: 80deb371c93a0b19afd5d352c66ad180574db8a4
SHA256: 393929d1aaedc2b97ac49ed4cabd806c6b25af982a9d357b91fc62842382e5f0
SHA512: 5240e4c5083995c01b0ffabe16eb366242cb62b306b8094bc737996318a4cadb<BR>e146b98b919a3c35ff3a4000a5fa6e920306b8cdb0a10d17dd31875d2a097d8b
ssdeep: 3:ZsEoviEYA:ZnovYA<BR>
PEiD..: -
TrID..: File type identification<BR>Generic INI configuration (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
......................................................
Fichier iqvw32.sys reçu le 2009.05.01 12:42:31 (CET)Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.01 -
AhnLab-V3 5.0.0.2 2009.05.01 -
AntiVir 7.9.0.160 2009.04.30 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.04.30 -
Avast 4.8.1335.0 2009.04.30 -
AVG 8.5.0.327 2009.05.01 -
BitDefender 7.2 2009.05.01 -
CAT-QuickHeal 10.00 2009.04.30 -
ClamAV 0.94.1 2009.05.01 -
Comodo 1141 2009.04.29 -
DrWeb 4.44.0.09170 2009.05.01 -
eSafe 7.0.17.0 2009.04.30 -
eTrust-Vet 31.6.6484 2009.04.30 -
F-Prot 4.4.4.56 2009.04.30 -
F-Secure 8.0.14470.0 2009.05.01 -
Fortinet 3.117.0.0 2009.05.01 -
GData 19 2009.05.01 -
Ikarus T3.1.1.49.0 2009.05.01 -
K7AntiVirus 7.10.720 2009.04.30 -
Kaspersky 7.0.0.125 2009.05.01 -
McAfee 5601 2009.04.30 -
McAfee+Artemis 5601 2009.04.30 -
McAfee-GW-Edition 6.7.6 2009.04.30 -
Microsoft 1.4602 2009.05.01 -
NOD32 4048 2009.05.01 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.01 -
Panda 10.0.0.14 2009.05.01 -
PCTools 4.4.2.0 2009.04.30 -
Rising 21.27.41.00 2009.05.01 -
Sophos 4.41.0 2009.05.01 -
Sunbelt 3.2.1858.2 2009.05.01 -
Symantec 1.4.4.12 2009.05.01 -
TheHacker 6.3.4.1.317 2009.04.30 -
TrendMicro 8.950.0.1092 2009.05.01 -
ViRobot 2009.5.1.1717 2009.05.01 -
VirusBuster 4.6.5.0 2009.04.30 -

Information additionnelle
File size: 30816 bytes
MD5...: a467e1deb3bb2b57426c8a5993ba933e
SHA1..: 4a49a162949afa790a17f67b5c0d85bd5e5aa9e3
SHA256: b727ffbee51fab5a4de61888abf76cd0911c04ac3e60cc156778413c110c5e9c
SHA512: 84930da6f1846ade199e66474ff967b38e3cc031aa50d194d5751cdbe7cff440<BR>c513f600f92ad627dda5de4f8016f0ce816fddb461161687f3db00b02d91dbc1
ssdeep: 384:by6e1Hov262TjFaOLf4m4V5YlAw7kS/R7oHNq/unJIZYJLWd6jrZhb:L+oAJ<BR>Lf4mU5ykhJI0LAmjb<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x3a8169<BR>timedatestamp.....: 0x47bcf87b (Thu Feb 21 04:05:15 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 6 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x323e 0x3400 6.47 9b99e2c6f6dde834f17080cbb9cdf1dd<BR>.rdata 0x5000 0x3ff 0x400 5.15 482e3f5b9bd7c1803b7b980688903657<BR>.data 0x6000 0x3a1e60 0x200 1.25 5efdf7cb8ab4c13c2198cf190ce6ca8e<BR>INIT 0x3a8000 0x746 0x800 5.74 b6e48b6169f2f0d6cb716378c62c25d0<BR>.rsrc 0x3a9000 0x3f8 0x400 3.40 9532cdfdc5c04bdb29b03f47553b22b7<BR>.reloc 0x3aa000 0x13c8 0x1400 1.51 fcd429890d1239c781d2afb95fa63d9c<BR><BR>( 2 imports ) <BR>> ntoskrnl.exe: WRITE_REGISTER_USHORT, WRITE_REGISTER_ULONG, ExAllocatePoolWithTag, ExFreePoolWithTag, MmGetPhysicalAddress, DbgPrint, sprintf, vsprintf, IoFreeMdl, MmMapLockedPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, MmUnmapIoSpace, MmUnmapLockedPages, _aulldiv, MmAllocateContiguousMemory, _aullrem, MmFreeContiguousMemory, WRITE_REGISTER_UCHAR, ObfDereferenceObject, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, ZwClose, RtlFreeAnsiString, strstr, RtlUnicodeStringToAnsiString, ZwEnumerateValueKey, ZwOpenKey, wcsncpy, IoGetDeviceObjectPointer, IoGetDeviceInterfaces, ObReferenceObjectByPointer, KeTickCount, KeBugCheckEx, READ_REGISTER_ULONG, READ_REGISTER_USHORT, READ_REGISTER_UCHAR, IofCompleteRequest, IoCreateDevice, IoCreateSymbolicLink, RtlInitUnicodeString, IoDeleteSymbolicLink, MmMapIoSpace, IoDeleteDevice<BR>> HAL.dll: KeQueryPerformanceCounter, KeStallExecutionProcessor, WRITE_PORT_ULONG, WRITE_PORT_USHORT, WRITE_PORT_UCHAR, READ_PORT_ULONG, READ_PORT_USHORT, READ_PORT_UCHAR, KeGetCurrentIrql<BR><BR>( 0 exports ) <BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
packers (Kaspersky): PE_Patch

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.01 -
AhnLab-V3 5.0.0.2 2009.05.01 -
AntiVir 7.9.0.160 2009.04.30 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.04.30 -
Avast 4.8.1335.0 2009.04.30 -
AVG 8.5.0.327 2009.05.01 -
BitDefender 7.2 2009.05.01 -
CAT-QuickHeal 10.00 2009.04.30 -
ClamAV 0.94.1 2009.05.01 -
Comodo 1141 2009.04.29 -
DrWeb 4.44.0.09170 2009.05.01 -
eSafe 7.0.17.0 2009.04.30 -
eTrust-Vet 31.6.6484 2009.04.30 -
F-Prot 4.4.4.56 2009.04.30 -
F-Secure 8.0.14470.0 2009.05.01 -
Fortinet 3.117.0.0 2009.05.01 -
GData 19 2009.05.01 -
Ikarus T3.1.1.49.0 2009.05.01 -
K7AntiVirus 7.10.720 2009.04.30 -
Kaspersky 7.0.0.125 2009.05.01 -
McAfee 5601 2009.04.30 -
McAfee+Artemis 5601 2009.04.30 -
McAfee-GW-Edition 6.7.6 2009.04.30 -
Microsoft 1.4602 2009.05.01 -
NOD32 4048 2009.05.01 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.01 -
Panda 10.0.0.14 2009.05.01 -
PCTools 4.4.2.0 2009.04.30 -
Rising 21.27.41.00 2009.05.01 -
Sophos 4.41.0 2009.05.01 -
Sunbelt 3.2.1858.2 2009.05.01 -
Symantec 1.4.4.12 2009.05.01 -
TheHacker 6.3.4.1.317 2009.04.30 -
TrendMicro 8.950.0.1092 2009.05.01 -
ViRobot 2009.5.1.1717 2009.05.01 -
VirusBuster 4.6.5.0 2009.04.30 -

Information additionnelle
File size: 30816 bytes
MD5...: a467e1deb3bb2b57426c8a5993ba933e
SHA1..: 4a49a162949afa790a17f67b5c0d85bd5e5aa9e3
SHA256: b727ffbee51fab5a4de61888abf76cd0911c04ac3e60cc156778413c110c5e9c
SHA512: 84930da6f1846ade199e66474ff967b38e3cc031aa50d194d5751cdbe7cff440<BR>c513f600f92ad627dda5de4f8016f0ce816fddb461161687f3db00b02d91dbc1
ssdeep: 384:by6e1Hov262TjFaOLf4m4V5YlAw7kS/R7oHNq/unJIZYJLWd6jrZhb:L+oAJ<BR>Lf4mU5ykhJI0LAmjb<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x3a8169<BR>timedatestamp.....: 0x47bcf87b (Thu Feb 21 04:05:15 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 6 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x323e 0x3400 6.47 9b99e2c6f6dde834f17080cbb9cdf1dd<BR>.rdata 0x5000 0x3ff 0x400 5.15 482e3f5b9bd7c1803b7b980688903657<BR>.data 0x6000 0x3a1e60 0x200 1.25 5efdf7cb8ab4c13c2198cf190ce6ca8e<BR>INIT 0x3a8000 0x746 0x800 5.74 b6e48b6169f2f0d6cb716378c62c25d0<BR>.rsrc 0x3a9000 0x3f8 0x400 3.40 9532cdfdc5c04bdb29b03f47553b22b7<BR>.reloc 0x3aa000 0x13c8 0x1400 1.51 fcd429890d1239c781d2afb95fa63d9c<BR><BR>( 2 imports ) <BR>> ntoskrnl.exe: WRITE_REGISTER_USHORT, WRITE_REGISTER_ULONG, ExAllocatePoolWithTag, ExFreePoolWithTag, MmGetPhysicalAddress, DbgPrint, sprintf, vsprintf, IoFreeMdl, MmMapLockedPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, MmUnmapIoSpace, MmUnmapLockedPages, _aulldiv, MmAllocateContiguousMemory, _aullrem, MmFreeContiguousMemory, WRITE_REGISTER_UCHAR, ObfDereferenceObject, KeWaitForSingleObject, IofCallDriver, IoBuildSynchronousFsdRequest, KeInitializeEvent, ZwClose, RtlFreeAnsiString, strstr, RtlUnicodeStringToAnsiString, ZwEnumerateValueKey, ZwOpenKey, wcsncpy, IoGetDeviceObjectPointer, IoGetDeviceInterfaces, ObReferenceObjectByPointer, KeTickCount, KeBugCheckEx, READ_REGISTER_ULONG, READ_REGISTER_USHORT, READ_REGISTER_UCHAR, IofCompleteRequest, IoCreateDevice, IoCreateSymbolicLink, RtlInitUnicodeString, IoDeleteSymbolicLink, MmMapIoSpace, IoDeleteDevice<BR>> HAL.dll: KeQueryPerformanceCounter, KeStallExecutionProcessor, WRITE_PORT_ULONG, WRITE_PORT_USHORT, WRITE_PORT_UCHAR, READ_PORT_ULONG, READ_PORT_USHORT, READ_PORT_UCHAR, KeGetCurrentIrql<BR><BR>( 0 exports ) <BR>
PDFiD.: -
RDS...: NSRL Reference Data Set<BR>-
packers (Kaspersky): PE_Patch

j'attend l'affichage, mais toujours rien,des que j'ai validé rien n'est affiché, remarque que cmd ne fonction pas comme regedit ,et doa c 'est sur dos, (c'eat pas la raison ...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-01 11:40:33
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 22 GB (57%) free of 38 GB
Total RAM: 510 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\www\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\www\MySQL Server 5.0\bin\mysqld-nt.exe
C:\www\Apache2\bin\Apache.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://www.menara.ma/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{644FAE3A-EFF2-43EF-A59F-F8BB72CC3189}: NameServer = 62.251.229.223 62.251.229.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\www\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySQL - Unknown owner - C:\www\MySQL.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

il est deja la mais il fonction pas,alors je l'ai desinstallé et je reinstalle , c bon ,tu veux que je le lance(je pense qu 'il va pas fonctionner)

usbreg.vbs ne s'ouvre pas ,et bien non plus usbfix

merci chiquitinne ,alors durant lancemant de combofix ;il m'a demande le chargement de consol de recuperation de windows ,car il n'exeste pas sur ce pc, c ce ke j'ai fais, voila rapport


ComboFix 09-04-30.05 - Administrateur 01/05/2009 12:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510.176 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\slootniw01.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.

2009-05-01 10:50 . 2009-05-01 10:50 -------- d-----w C:\UsbFix
2009-05-01 10:40 . 2009-05-01 10:40 -------- d-----w C:\rsit
2009-05-01 09:21 . 2009-05-01 09:21 -------- d-----w C:\_OTMoveIt
2009-05-01 00:53 . 2009-05-01 00:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-01 00:53 . 2009-05-01 00:53 -------- d-----w c:\program files\Avira
2009-04-30 22:42 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 22:42 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 22:42 . 2009-04-30 22:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 22:25 . 2009-04-30 17:42 -------- d-----w c:\program files\CodeStuff
2009-04-29 12:03 . 2009-04-29 12:03 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-04-29 12:03 . 2009-04-29 12:03 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-28 19:05 . 2009-04-29 19:24 -------- d-----w c:\documents and settings\ab\Tracing
2009-04-28 00:49 . 2009-04-28 00:49 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer
2009-04-28 00:48 . 2009-04-28 19:15 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-27 23:33 . 2009-05-01 11:45 -------- d-----w c:\documents and settings\Administrateur\Tracing
2009-04-27 23:29 . 2009-04-27 23:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-27 23:29 . 2009-04-27 23:29 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-27 23:28 . 2009-02-06 17:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-27 23:27 . 2009-04-27 23:27 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-27 23:24 . 2009-04-27 23:24 -------- d-----w c:\program files\Microsoft
2009-04-27 23:24 . 2009-04-27 23:24 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-27 22:00 . 2009-04-27 22:00 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-27 20:21 . 2009-04-27 20:21 -------- d-----w c:\documents and settings\ab\Local Settings\Application Data\WMTools Downloaded Files
2009-04-25 23:37 . 2009-04-27 18:11 -------- d-----w c:\program files\MSN Messenger
2009-04-20 11:36 . 2009-04-20 11:36 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-20 00:31 . 2009-04-20 00:33 -------- d-----w c:\documents and settings\Administrateur\Application Data\gtk-2.0
2009-04-20 00:29 . 2009-04-20 00:29 -------- d-----w c:\documents and settings\Administrateur\Application Data\Inkscape
2009-04-20 00:23 . 2009-04-20 00:28 -------- d-----w c:\program files\Inkscape
2009-04-19 22:12 . 2009-04-19 22:12 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Real
2009-04-19 22:11 . 2009-04-19 22:11 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-19 22:04 . 2009-04-19 22:04 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-18 11:07 . 2009-04-18 11:07 -------- d-----w c:\program files\Free PDF to Word Doc Converter

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 10:40 . 2008-03-06 15:31 -------- d-----w c:\program files\Trend Micro
2009-05-01 10:00 . 2007-12-17 13:45 79304 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 17:15 . 2008-01-10 13:42 -------- d-----w c:\program files\Google
2009-04-28 19:04 . 2008-05-10 18:35 79304 ----a-w c:\documents and settings\ab\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 10:02 . 2008-03-05 22:39 -------- d-----w c:\program files\Uniblue
2009-04-27 23:30 . 2001-08-24 12:00 73368 ----a-w c:\windows\system32\perfc00C.dat
2009-04-27 23:30 . 2001-08-24 12:00 464806 ----a-w c:\windows\system32\perfh00C.dat
2009-04-27 23:30 . 2008-03-06 00:29 57042 ----a-w c:\windows\system32\perfc040.dat
2009-04-27 23:30 . 2008-03-06 00:29 429098 ----a-w c:\windows\system32\perfh040.dat
2009-04-27 23:29 . 2008-02-19 23:27 -------- d-----w c:\program files\Windows Live
2009-04-27 18:11 . 2008-01-15 14:28 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 22:11 . 2007-12-17 13:47 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-19 22:10 . 2007-12-17 13:47 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-30 22:45 . 2009-03-28 17:26 -------- d-----w c:\program files\Foxit Software
2009-03-30 21:55 . 2009-03-30 21:55 -------- d-----w c:\program files\AskBarDis
2009-03-26 10:22 . 2009-03-26 10:22 -------- d-----w c:\program files\SomePDF
2009-03-26 09:39 . 2009-03-26 09:28 -------- d-----w c:\program files\VeryPDF PDF Editor Download Manager v1.0
2009-03-06 14:46 . 2004-08-03 22:54 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-03 22:54 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-03 22:54 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-13 10:31 . 2009-04-28 18:01 55640 ----a-w c:\windows\system32\drivers\SET19.tmp
2009-02-09 14:17 . 2004-08-03 22:45 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2004-08-04 00:48 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2004-08-03 22:49 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2004-08-03 22:54 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-03 22:54 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-03 22:54 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-03 22:54 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-03 22:55 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 18:39 . 2009-02-06 18:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 16:54 . 2001-08-24 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:10 . 2004-08-03 22:54 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1069056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2008-1-7 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"e:\\ancien\\tom_eclips_java_logiciel\\eclipse-SDK-3.3.1.1-win32\\eclipse\\eclipse.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbserver.exe"=
"c:\\www\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
R3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 2002944]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R4 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2007-07-20 57344]
S2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2008-01-07 446464]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1E64BF9B-95A2-5C53-2627-5FEFF6CD0208}]
c:\windows\system32\Bifrost\server.exe s
.
Contenu du dossier 'Tâches planifiées'

2009-05-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-12-17 09:04]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
TCP: {644FAE3A-EFF2-43EF-A59F-F8BB72CC3189} = 62.251.229.223 62.251.229.237
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\2ozwcyt3.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\2ozwcyt3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\DivX\DivX Browser Plug-In\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 12:44
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(648)
c:\program files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\www\Apache2\bin\Apache.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\www\MySQL Server 5.0\bin\mysqld-nt.exe
c:\www\Apache2\bin\Apache.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Heure de fin: 2009-05-01 12:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 11:49

Avant-CF: 22 888 067 072 octets libres
Après-CF: 23 720 996 864 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

217 --- E O F --- 2009-04-16 14:38

merci infinement mesieurs,mainant cmd s'ouvre et aussi regestre, est ce apres que je telecharge sa depuis site microsofte,(console de recupertion de windows,qu 'est etait inexestat ,d'apes la detection de combofix)
mais bon voila rapport de toulbar sd

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:37 Go (Free:32 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 01/05/2009|13:23 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Administrateur) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(Administrateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Administrateur) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
(Administrateur) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Mes documents\cours_ens\mathtype_5_2+keygen.exe
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen\Dt.nfo
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen\emark.txt
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen\FILE_ID.DIZ
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen\GEOPLAN&.EXE
C:\DOCUME~1\ADMINI~1\Mes documents\math\crack-cabri+keygen\Install_Cabri_II_Plus_Eval_1_2_5.exe



1 - "C:\ToolBar SD\TB_1.txt" - 01/05/2009|13:25 - Option : [1]

-----------\\ Fin du rapport a 13:25:04,07