pc virussé Résolu/Fermé

Question

Bonjour, Bonjour,j'ai un pc laptop hp depuis quelque jours j'étais bronché sur un réseau est depuis j'ai mon PC qui se plante souvent ,le bureau qui n'apparais pas et des fois le ventilateur tourne trop vite sans s'arrêter en resortant beaucoup de chaleur,j'ai même des sites que je ne peux plus y accéder comme le site officiel de kaspersky,impossible de faire des mises à jour,j'ai meme une liste dans la zone des sites sensibles qui est très longue et que je ne peux pas effacer,
j'ai besoin de votre aide je suis un débutant merci d'avance.

Configuration: Windows XP
Firefox 3.0.11

Utilisateur anonyme · Answer

Bonjour

Peux tu faire ceci?

1-	Télécharge et installe le logiciel HijackThis : 

ici https://www.commentcamarche.net/telecharger/ 159 hijackthis 
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html 

-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation . 
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge. 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " . 

(Ne lance pas ce prg pour l'instant et fais la suite ... ) 


2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau. 

-> http://images.malwareremoval.com/random/RSIT.exe 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur " RSIT.exe " pour le lancer. 

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes). 

Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante ... 
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ... 
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... ) 

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit ) 

             Merci

abderrahim2 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2009-06-25 20:47:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 34 GB (34%) free of 100 GB
Total RAM: 2039 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:00, on 25/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
E:\Outils\utilisateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3442832&prodNameId=3442833&swEnvOID=1093&swLang=17&mode=2&taskId=135&swItem=ob-56416-1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\UTILIS~1\MESDOC~1\DOWNLO~1\COMPRE~1\RAPGET~1.FR_\RAPGET~1.FRB\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\program files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\program files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\program files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

abderrahim2 · Answer

info.txt logfile of random's system information tool 1.06 2009-06-25 20:48:03

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ãæÓæÚÉ ÇáÍÏíË ÇáäÈæí ÇáÔÑíÝ-->C:\Program Files\Mawsoaat Hadeeth\Uninstal.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Agere Systems HDA Modem-->agrsmdel
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Carte réseau local sans fil 802.11 Broadcom-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
ÇáÞÑÂä ÇáßÑíã-->"C:\Program Files\ÇáÞÑÂä ÇáßÑíã\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"E:\Outils\HijackThis.exe" /uninstall
HP Quick Launch Buttons 6.40 F1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Huawei SmartAX MT810-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x40c -L0x40c
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
L&H Power Translator Pro 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\LHSP\L&H Power Translator Pro\Uninst.isu" -c"C:\Program Files\LHSP\L&H Power Translator Pro\Uninstall.dll"
Language Games-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B359BDC-5EDE-42FA-BBEC-87BAD80C84C0}\setup.exe" -l0x9  -removeonly
Larousse Expression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC55378-F255-4BF9-AA64-496AD831E6DB}\SETUP.EXE" -l0x40c 
LeTraducteur-->C:\WINDOWS\ST4UNST.EXE -n "C:\Language\Fran-Ang.5-2\ST4UNST.LOG" 
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
mobile PhoneTools-->C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\mpt.exe -runfromtemp -l0x040c -removeonly
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead
ero\uninstall\UNNERO.exe /UNINSTALL
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Petit Larousse 2007-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1444B13F-B744-4624-9695-D9E6471817B1}\Setup.exe" -l0x40c 
Pro Evolution Soccer 6-->C:\Program Files\ArisTo\Pro Evolution Soccer\Uninstall.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c  -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Yahoo! Install Manager-->C:\WINDOWS\system32egsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com

======Security center information======

AV: Kaspersky Internet Security (outdated)
FW: Kaspersky Internet Security

======System event log======

Computer Name: COMPAQ6720S
Event Code: 7036
Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution.

Record Number: 15565
Source Name: Service Control Manager
Time Written: 20090611141754.000000+060
Event Type: Informations
User: 

Computer Name: COMPAQ6720S
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL.

Record Number: 15564
Source Name: Service Control Manager
Time Written: 20090611141754.000000+060
Event Type: Informations
User: AUTORITE NT\SERVICE LOCAL

Computer Name: COMPAQ6720S
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.

Record Number: 15563
Source Name: Service Control Manager
Time Written: 20090611141754.000000+060
Event Type: Informations
User: 

Computer Name: COMPAQ6720S
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.

Record Number: 15562
Source Name: Service Control Manager
Time Written: 20090611141753.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: COMPAQ6720S
Event Code: 7036
Message: Le service Gestionnaire de connexion automatique d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 15561
Source Name: Service Control Manager
Time Written: 20090611141753.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: COMPAQ6720S
Event Code: 1801
Message: Le service Centre de sécurité Windows s'est arrêté.

Record Number: 1013
Source Name: SecurityCenter
Time Written: 20090208145805.000000+060
Event Type: Informations
User: 

Computer Name: COMPAQ6720S
Event Code: 1000
Message: Application défaillante lsass.exe, version 5.1.2600.5512, module défaillant kernel32.dll, version 5.1.2600.5512, adresse de défaillance 0x00105fc4.

Record Number: 1012
Source Name: Application Error
Time Written: 20090208145136.000000+060
Event Type: erreur
User: 

Computer Name: COMPAQ6720S
Event Code: 1000
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1011
Source Name: LoadPerf
Time Written: 20090208143436.000000+060
Event Type: Informations
User: 

Computer Name: COMPAQ6720S
Event Code: 1001
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.
Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
et les dernières entrées du registre d'aide.

Record Number: 1010
Source Name: LoadPerf
Time Written: 20090208143436.000000+060
Event Type: Informations
User: 

Computer Name: COMPAQ6720S
Event Code: 1000
Message: Une erreur est survenue lors de la vérification par l'Assistant de l'actuelle licence de produit Windows. Code de l'erreur : 4 0x8009001d


Record Number: 1009
Source Name: Windows Product Activation
Time Written: 20090208142124.000000+060
Event Type: erreur
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

abderrahim2 · Answer

je n'arrive pas à télécharger usbfix.exe

abderrahim2 · Answer

meme à travers d'autres liens aidez moi SVP

abderrahim2 · Answer

SmitFraudFix v2.423

Rapport fait à 23:33:29,78, 26/06/2009
Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) 82562GT 10/100 Network Connection - Miniport d'ordonnancement de paquets

voila c'est fait


DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{79633231-6D87-4077-B3FA-9D8D0230723A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{79633231-6D87-4077-B3FA-9D8D0230723A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{79633231-6D87-4077-B3FA-9D8D0230723A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

abderrahim2 · Answer

salut, j'ai essayé de télécharger usbfix.exe mais impossible,en m'indiquant sur une fenêtre:" une connexion existante a été  fermée par l'hôte ceci arrive normalement si l'application demandée sur le serveur a été fermée brusquement ou si l'hôte est redémarré ou encore si l'hôte a fait une coupure matérielle "
j'ai même essayé à travers d'autres liens mais toujours la même chose, merci

abderrahim2 · Answer

Salut,voila c'est fait:

http://www.cijoint.fr/cjlink.php?file=cj200906/cijsbbaRbv.txt

abderrahim2 · Answer

j'ai executé fixdwndp:le rapport est le suivant


Symantec W32.Downadup Removal Tool 1.1.0.7

W32.Downadup has not been found on your computer.

abderrahim2 · Answer

salut, c'est fait:


[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Infosat.txt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\utilisateur\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\utilisateur\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\utilisateur\Bureau\SmitFraudfix: trouvé !
C:\Program Files\UsbFix: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\utilisateur\Bureau\SmitFraudFix.exe: supprimé !
C:\Infosat.txt: supprimé !
C:\Documents and Settings\utilisateur\Bureau\Rsit.exe: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\utilisateur\Bureau\SmitFraudfix: supprimé !
C:\Program Files\UsbFix: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !

abderrahim2 · Answer

salut,impossible de télécharger usbfix une fenetre s'ouvre: une connexion existante a été fermée par l'hôte ceci arrive normalement si l'application demandée sur le serveur a été fermée brusquement ou si l'hôte est redémarré ou encore si l'hôte a fait une coupure matérielle,merci.

abderrahim2 · Answer

j'ai utilisé le lien suivant : https://www.malekal.com/usbfix-supprimer-virus-usb/ 

mais toujours le même problème

abderrahim2 · Answer

voila c'est fait


Ok Loading BitDefender Engines
State 0 of m : 
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file .... 
   - System folder 
   - Temporary folder 
   - Program Files 
   - Application Data 
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found

abderrahim2 · Answer

c'est fait:

ComboFix 09-06-28.06 - utilisateur 29/06/2009 16:59.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2039.1597 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\utilisateur\Application Data\.#
c:\documents and settings\utilisateur\Application Data\.#\MBX@578@3D37C8.###
c:\documents and settings\utilisateur\Application Data\.#\MBX@578@3D37D8.###
c:\documents and settings\utilisateur\Application Data\.#\MBX@578@3D37E8.###
c:\documents and settings\utilisateur\Application Data\inst.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\OGACheckControl.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32	mp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WgaLogon.dll
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-28 au 2009-06-29  ))))))))))))))))))))))))))))))))))))
.

2009-06-29 15:39 . 2009-06-29 15:41	--------	d-s---w-	C:\ComboFix
2009-06-28 23:14 . 2009-06-28 23:14	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\Moyea
2009-06-28 23:14 . 2008-09-18 12:52	438272	----a-w-	c:\windows\system32\vp6vfw.dll
2009-06-28 23:14 . 2009-06-28 23:14	--------	d-----w-	c:\program files\Moyea
2009-06-28 23:05 . 2009-06-28 23:05	--------	d-----w-	C:	mpDownload
2009-06-28 22:49 . 2009-06-28 22:51	--------	d-----w-	c:\program files\Any Audio Converter
2009-06-28 22:11 . 2009-06-28 22:12	96047842	----a-w-	C:\Sauv.reg
2009-06-28 15:39 . 2009-06-28 15:39	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\XericDesign
2009-06-28 00:29 . 2009-06-28 00:30	--------	d-----w-	c:\program files\QuickTime
2009-06-28 00:29 . 2009-06-28 00:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 00:29 . 2009-06-28 00:29	--------	d-----w-	c:\documents and settings\utilisateur\Local Settings\Application Data\Apple
2009-06-28 00:29 . 2009-06-28 00:29	--------	d-----w-	c:\program files\Apple Software Update
2009-06-28 00:29 . 2009-06-28 00:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple
2009-06-28 00:29 . 2009-06-28 00:29	--------	d-----w-	c:\documents and settings\utilisateur\Local Settings\Application Data\Apple Computer
2009-06-28 00:12 . 2009-06-28 00:12	--------	d-----w-	c:\program files\XericDesign
2009-06-25 20:10 . 2009-06-25 20:10	95496	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\updateollback\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-06-25 20:10 . 2009-06-25 20:10	673032	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\updateollback\AutoPatches\kav6\7.0.0.119\updater.dll
2009-06-25 20:10 . 2009-06-25 20:10	341256	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\updateollback\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-06-25 20:10 . 2009-06-25 20:10	186640	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\updateollback\AutoPatches\kav6\7.0.0.119\klif.sys
2009-06-25 20:10 . 2009-06-25 20:10	110360	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\updateollback\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-06-25 20:10 . 2009-06-25 20:10	112144	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-06-25 20:10 . 2009-06-25 20:10	682512	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-06-25 20:09 . 2009-06-25 20:09	194320	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2009-06-25 20:09 . 2009-06-25 20:09	150032	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-06-25 20:09 . 2009-06-25 20:09	342544	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-06-17 22:45 . 2009-05-19 13:06	99840	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Bases\avpcure1.dll
2009-06-17 10:09 . 2009-06-17 22:47	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-06-17 10:09 . 2009-06-17 22:47	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-06-17 10:08 . 2009-06-17 10:08	--------	d-----w-	c:\program files\Kaspersky Lab
2009-06-17 10:08 . 2009-06-29 16:04	7635744	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-06-17 10:08 . 2009-06-29 16:04	97056	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-06-02 16:59 . 2009-06-02 16:59	0	----a-w-	c:\windows\Infob.dat
2009-06-02 16:59 . 2009-06-02 16:59	0	----a-w-	c:\windows\Infoa.dat
2009-05-31 09:47 . 2009-05-31 09:47	--------	d-----w-	c:\program files\Fichiers communs\xing shared
2009-05-31 09:05 . 2009-05-31 09:05	390664	----a-w-	c:\documents and settings\utilisateur\Application Data\Real\RealPlayer\setup\AU_setup6.exe

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 16:02 . 2009-06-17 10:08	12188	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-06-29 16:02 . 2009-06-17 10:08	111572	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-29 15:38 . 2008-12-07 16:15	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\DMCache
2009-06-29 13:25 . 2008-12-07 13:53	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\Skype
2009-06-29 11:40 . 2009-04-19 14:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-28 17:37 . 2009-05-19 01:23	--------	d-----w-	c:\program files\Google
2009-06-25 20:10 . 2007-04-28 15:51	112144	----a-w-	c:\windows\system32\drivers\kl1.sys
2009-06-25 20:07 . 2008-04-14 12:00	74032	----a-w-	c:\windows\system32\perfc00C.dat
2009-06-25 20:07 . 2008-04-14 12:00	464466	----a-w-	c:\windows\system32\perfh00C.dat
2009-06-25 19:46 . 2009-02-09 14:44	--------	d-----w-	c:\program files	rend micro
2009-06-17 17:31 . 2009-05-07 19:12	--------	d-----w-	c:\program files\CCleaner
2009-06-14 17:58 . 2009-05-26 00:22	70	---ha-w-	C:\aaw7boot.cmd
2009-06-14 17:08 . 2008-12-10 18:38	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-07 17:52 . 2009-01-22 12:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-07 15:50 . 2009-03-05 09:14	--------	d-----w-	c:\program files\Mawsoaat Hadeeth
2009-06-04 14:17 . 2008-12-07 09:54	84920	----a-w-	c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 09:47 . 2008-12-07 20:23	--------	d-----w-	c:\program files\Fichiers communs\Real
2009-05-31 09:47 . 2008-12-07 09:52	499712	----a-w-	c:\windows\system32\msvcp71.dll
2009-05-24 23:26 . 2009-05-24 23:15	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\Vso
2009-05-24 23:26 . 2009-05-24 23:15	47360	----a-w-	c:\documents and settings\utilisateur\Application Data\pcouffin.sys
2009-05-24 23:26 . 2009-05-24 23:15	47360	----a-w-	c:\documents and settings\utilisateur\Application Data\pcouffin.sys
2009-05-24 23:15 . 2009-05-24 23:15	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2009-05-21 23:06 . 2008-12-07 10:48	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-05-19 01:33 . 2009-05-19 01:33	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\GRETECH
2009-05-19 01:32 . 2009-05-14 01:19	--------	d-----w-	c:\program files\GRETECH
2009-05-18 15:44 . 2009-05-18 15:44	198064	----a-w-	c:\documents and settings\utilisateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-18 15:44 . 2009-01-22 14:41	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\IDM
2009-05-18 15:44 . 2009-01-22 14:41	--------	d-----w-	c:\program files\Internet Download Manager
2009-05-14 01:28 . 2009-05-14 01:28	--------	d-----w-	c:\program files\ÇáÞÑÂä ÇáßÑíã
2009-05-13 15:12 . 2009-05-13 15:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2009-05-11 12:37 . 2009-05-11 12:37	--------	d-----w-	c:\documents and settings\utilisateur\Application Data\BlackBean
2009-05-10 01:21 . 2009-05-10 01:21	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-05-07 15:33 . 2008-04-14 12:00	348672	----a-w-	c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2008-04-14 12:00	670720	----a-w-	c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2008-04-14 12:00	1847296	----a-w-	c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-14 12:00	585216	----a-w-	c:\windows\system32pcrt4.dll
2009-04-11 17:16 . 2008-12-07 09:52	348160	----a-w-	c:\windows\system32\msvcr71.dll
2009-03-02 18:41 . 2009-03-02 17:00	2008	--sha-w-	c:\windows\system32\sys_drv.dat
.

------- Sigcheck -------

[-] 2008-12-06 15:36	1571840	33578A738C564B4F84D906EFD91025E5	c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2009-05-31 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 101888]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2009-2-16 946270]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Larousse Expression.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Larousse Expression.lnk
backup=c:\windows\pss\Larousse Expression.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9913:TCP"= 9913:TCP:aqmeakry

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [07/12/2008 12:09 193840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 14:58 24344]
S2 evrddmizy;Center Update;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S2 jlckglq;Task System;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 13:00 14336]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\drivers\adiusbae.sys [16/02/2009 13:19 117289]
S3 ahzbzkuuy;ahzbzkuuy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 attnlh;attnlh;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 axkveiogf;axkveiogf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ayboahm;ayboahm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 cutlxmx;cutlxmx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dafcaxamt;dafcaxamt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dgljm;dgljm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 dqztv;dqztv;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fexxcye;fexxcye;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 frduruk;frduruk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 fwbpw;fwbpw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gnlzuw;gnlzuw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gouez;gouez;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 guljzro;guljzro;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gxpflvpf;gxpflvpf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jfgpmhbe;jfgpmhbe;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jhnaiaz;jhnaiaz;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 kxcthd;kxcthd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 kyoduxqcf;kyoduxqcf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 llbegfliy;llbegfliy;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lrjoedni;lrjoedni;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lufqi;lufqi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lvkqgib;lvkqgib;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 lxjzgrbq;lxjzgrbq;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 miecf;miecf;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nijox;nijox;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 olhzwcew;olhzwcew;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 olterr;olterr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 omvtowyi;omvtowyi;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 pkosv;pkosv;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 przuwlpd;przuwlpd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qddbm;qddbm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qfcnr;qfcnr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qipjkon;qipjkon;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 qusciumee;qusciumee;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rbolc;rbolc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rdaat;rdaat;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 rqhvyhqwr;rqhvyhqwr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 skigaoo;skigaoo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 stllvukk;stllvukk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tdqnskrvp;tdqnskrvp;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tflirteit;tflirteit;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 tvrsx;tvrsx;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 uhcsmca;uhcsmca;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 utzfdv;utzfdv;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vibftejas;vibftejas;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 vzridpyb;vzridpyb;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 wcafigsv;wcafigsv;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xbuntsua;xbuntsua;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xhscczquo;xhscczquo;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xorslqk;xorslqk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xpknatlk;xpknatlk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xunwalxhk;xunwalxhk;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 xxsix;xxsix;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yecfn;yecfn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 yosganlr;yosganlr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 ypnvsrjd;ypnvsrjd;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zorgg;zorgg;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zsaffw;zsaffw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 zsexs;zsexs;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
evrddmizy
jlckglq
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3442832&prodNameId=3442833&swEnvOID=1093&swLang=17&mode=2&taskId=135&swItem=ob-56416-1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download with Rapget - c:\docume~1\UTILIS~1\MESDOC~1\DOWNLO~1\COMPRE~1\RAPGET~1.FR_\RAPGET~1.FRBapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\oxei6klf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MediaDICO
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/?fr=fptb-cclean
FF - component: c:\documents and settings\utilisateur\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components
prpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 17:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahzbzkuuy]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\attnlh]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\axkveiogf]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ayboahm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cutlxmx]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dafcaxamt]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dgljm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqztv]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fexxcye]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\frduruk]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fwbpw]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gnlzuw]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gouez]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\guljzro]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxpflvpf]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jfgpmhbe]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jhnaiaz]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kxcthd]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kyoduxqcf]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\llbegfliy]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrjoedni]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lufqi]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvkqgib]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxjzgrbq]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\miecf]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
ijox]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olhzwcew]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olterr]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\omvtowyi]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkosv]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\przuwlpd]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qddbm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qfcnr]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qipjkon]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qusciumee]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesbolc]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesdaat]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesqhvyhqwr]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\skigaoo]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stllvukk]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services	dqnskrvp]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services	flirteit]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services	vrsx]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhcsmca]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utzfdv]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vibftejas]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vzridpyb]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wcafigsv]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xbuntsua]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhscczquo]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xorslqk]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xpknatlk]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xunwalxhk]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xxsix]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yecfn]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yosganlr]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ypnvsrjd]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zorgg]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zsaffw]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zsexs]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evrddmizy]
"ServiceDll"="c:\windows\system32\surjqims.dll"

abderrahim2 · Answer

j'ai trouvé un autre rapport le voila dans c\

2009-06-29 16:01:31 . 2009-06-29 16:01:31            9,591 ----a-w-  C:\Qoobox\Quarantine\Registry_backups	cpip.reg
2009-06-29 15:39:45 . 2009-06-29 15:41:20              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2009-06-29 13:17:11 . 2007-05-27 04:17:32          676,224 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\OGACheckControl.dll.vir
2009-06-26 22:33:47 . 2009-06-26 22:33:47            1,796 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32	mp.reg.vir
2009-06-26 22:33:05 . 2008-12-12 00:57:43           78,336 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\Agent.OMZ.Fix.exe.vir
2009-06-26 22:33:05 . 2008-11-29 17:58:21           82,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.C.exe.vir
2009-06-26 22:33:05 . 2008-09-20 11:45:23           80,384 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\o4Patch.exe.vir
2009-06-26 22:33:05 . 2008-08-18 11:19:03           82,432 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\404Fix.exe.vir
2009-06-26 22:33:05 . 2008-10-01 14:51:40           87,552 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\VACFix.exe.vir
2009-06-26 22:33:05 . 2008-05-18 20:40:35           82,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.exe.vir
2009-06-26 22:33:05 . 2007-09-05 23:22:23          289,144 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\VCCLSID.exe.vir
2009-06-26 22:33:05 . 2009-06-02 10:17:27           75,776 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\WS2Fix.exe.vir
2009-06-26 22:33:05 . 2004-07-31 17:50:36           51,200 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\dumphive.exe.vir
2009-06-26 22:33:05 . 2006-04-27 16:49:30          288,417 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SrchSTS.exe.vir
2009-06-26 22:33:05 . 2003-06-05 20:13:00           53,248 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir
2009-05-24 23:15:32 . 2009-05-24 23:26:04           87,608 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\utilisateur\Application Data\inst.exe.vir
2009-03-02 17:16:18 . 2009-03-02 17:16:18            2,048 ----atw-  C:\Qoobox\Quarantine\C\Documents and Settings\utilisateur\Application Data\.#\MBX@578@3D37C8.###.vir
2009-03-02 17:16:18 . 2009-03-02 17:16:18            2,048 ----atw-  C:\Qoobox\Quarantine\C\Documents and Settings\utilisateur\Application Data\.#\MBX@578@3D37E8.###.vir
2009-03-02 17:16:18 . 2009-03-02 17:16:18            2,048 ----atw-  C:\Qoobox\Quarantine\C\Documents and Settings\utilisateur\Application Data\.#\MBX@578@3D37D8.###.vir
2008-09-05 22:30:46 . 2007-03-15 17:17:00          183,808 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\WgaLogon.dll.vir

abderrahim2 · Answer

c'est fait 


All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Unable to set value : HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List\"9913:TCP"| - /E!
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahzbzkuuy\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\attnlh\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\axkveiogf\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ayboahm\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cutlxmx\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dafcaxamt\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dgljm\ImagePath deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqztv\"ImagePath"|-" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fexxcye\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\frduruk\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fwbpw\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gnlzuw\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gouez\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\guljzro\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxpflvpf\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jfgpmhbe\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jhnaiaz\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kxcthd\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kyoduxqcf\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\llbegfliy\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lrjoedni\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lufqi\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvkqgib\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lxjzgrbq\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\miecf\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services
ijox\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olhzwcew\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olterr\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\omvtowyi\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pkosv\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\przuwlpd\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qddbm\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qfcnr\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qipjkon\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qusciumee\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesbolc\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesdaat\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesqhvyhqwr\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\skigaoo\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stllvukk\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services	dqnskrvp\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services	flirteit\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services	vrsx\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhcsmca\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\utzfdv\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vibftejas\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vzridpyb\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wcafigsv\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xbuntsua\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhscczquo\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xorslqk\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xpknatlk\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xunwalxhk\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xxsix\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yecfn\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yosganlr\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ypnvsrjd\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zorgg\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zsaffw\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zsexs\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\evrddmizy\ServiceDll not found.
Registry value HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jlckglq\ServiceDll not found.
========== FILES ==========
File/Folder c:\windows\system32\01.tmp not found.
File/Folder c:\windows\system32\surjqims.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
 
User: utilisateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32956 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72346710 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
 
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 71,34 mb
 
 
OTM by OldTimer - Version 3.0.0.2 log created on 06292009_174737

Files moved on Reboot...

Registry entries deleted on Reboot...

abderrahim2 · Answer

c'est bon j'ai supprimé 

evrddmizy
jlckglq

abderrahim2 · Answer

voila

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 5.1.2600 Service Pack 3

29/06/2009 20:05:51
mbam-log-2009-06-29 (20-05-51).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 162980
Temps écoulé: 46 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\utilisateur\Bureau\windows_xp__vista_activator\windows_xp__vista_activator\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\program files\saint-coran toolbar	bhelper.dll (Adware.Mostofate) -> Quarantined and deleted successfully.

abderrahim2 · Answer

pardon c'est quoi un Rsit stp ?je suis débutant merci

abderrahim2 · Answer

c'est bon je l'ai executé 

Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2009-06-29 20:55:30
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 34 GB (34%) free of 100 GB
Total RAM: 2039 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:48, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
E:\Outils\utilisateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=321957&prodSeriesId=3442832&prodNameId=3442833&swEnvOID=1093&swLang=17&mode=2&taskId=135&swItem=ob-56416-1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Rapget - C:\DOCUME~1\UTILIS~1\MESDOC~1\DOWNLO~1\COMPRE~1\RAPGET~1.FR_\RAPGET~1.FRB\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\program files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\program files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\program files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Pc virussé

31 réponses

Newsletters