pc ralenti et instable sous xp Fermé

Question

Bonjour a tous.voila depuis quelques temps mon pc est lent (winndows xp sp3),pas de virus detecté avec antivir et pas de probleme avec malwarebytes.defragmentation reguliere avec jkdefrag et nettoyage avec ccleaner.j'ai donc chargé RSIT et vous poste les deux rapports en esperant que quelqu'un puisse m'aider.merci par avance

bluesbob · Answer

re bonjour et mes excuses voici les rapports que j'ai omis de joindre dans mon 1er message

Run by berot francois at 2009-07-04 19:35:04
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 53 GB (67%) free of 78 GB
Total RAM: 1023 MB (49% free)


======Scheduled tasks folder======

C:\WINDOWS	asks\AppleSoftwareUpdate.job
C:\WINDOWS	asks\Maintenance en 1 clic.job
C:\WINDOWS	asks\MP Scheduled Scan.job
C:\WINDOWS	asks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-06-22 329104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-20 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-23 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2436160]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IDSAVE"=C:\Program Files\ID_LOG_Save\ID_LOG_SAVE.EXE [2006-09-28 506475]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDSAVE]
C:\Program Files\ID_LOG_Save\ID_LOG_SAVE.EXE [2006-09-28 506475]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-10 218240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg	hnotify]
C:\Program Files\Astase\UltraBackup\4.9\bin	htrayagent.exe [2008-02-08 1491456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2002-06-07 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_BackupService]
C:\Program Files\Astase\UltraBackup\4.9\bin	bs.exe [2008-02-08 1671168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2005-09-07 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\K-litePro\k-litepro.exe"="C:\Program Files\K-litePro\k-litepro.exe:*:Enabled:K-litePro Ultimate File Sharing"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\BMWgroup\ETKLokal\javaclient\j2re1.4.2_01\bin\java.exe"="C:\BMWgroup\ETKLokal\javaclient\j2re1.4.2_01\bin\java.exe:*:Enabled:java"
"C:\BMWgroup\ETKLokal\javaclient\ETK.exe"="C:\BMWgroup\ETKLokal\javaclient\ETK.exe:*:Enabled:ETK"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\WINDOWS\LMI122.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI122.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0271732b-6440-11dd-9c7d-000c76304110}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02717b07-6440-11dd-9c7d-000c76304110}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61db6d9-7232-11dc-ad80-000c76304110}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======List of files/folders created in the last 1 months======

2009-07-04 19:35:04 ----D---- C:sit
2009-06-19 18:32:00 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2009-06-19 18:31:40 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2009-06-19 18:31:36 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-06-19 18:31:23 ----HD---- C:\Program Files\CanonBJ
2009-06-18 13:12:14 ----D---- C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\Avira
2009-06-18 11:12:24 ----A---- C:\WINDOWS\system32\avsda.dll
2009-06-18 11:12:22 ----D---- C:\Program Files\Avira
2009-06-18 11:12:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

======List of files/folders modified in the last 1 months======

2009-07-04 19:35:20 ----D---- C:\Program Files\Trend Micro
2009-07-04 19:34:52 ----D---- C:\WINDOWS\Prefetch
2009-07-04 19:34:36 ----D---- C:\WINDOWS\Temp
2009-07-04 18:28:20 ----D---- C:\Program Files\Mozilla Firefox
2009-07-04 11:52:33 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-04 10:10:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-03 20:05:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-03 20:05:21 ----SD---- C:\WINDOWS\Tasks
2009-07-03 20:02:46 ----AD---- C:\WINDOWS
2009-07-01 14:34:20 ----D---- C:\Program Files\TuneUp Utilities 2007
2009-06-30 21:00:31 ----D---- C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\uTorrent
2009-06-29 21:49:10 ----D---- C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\U3
2009-06-28 12:14:10 ----D---- C:\WINDOWS\system32\drivers
2009-06-28 12:14:10 ----D---- C:\WINDOWS\system32
2009-06-27 22:05:50 ----SH---- C:\boot.ini
2009-06-27 22:05:49 ----A---- C:\WINDOWS\win.ini
2009-06-27 22:05:49 ----A---- C:\WINDOWS\system.ini
2009-06-23 18:48:41 ----D---- C:\Program Files\ARTIDEVIS_V4
2009-06-20 13:27:56 ----D---- C:\Documents and Settings
2009-06-19 18:33:48 ----HD---- C:\WINDOWS\inf
2009-06-19 18:33:45 ----D---- C:\Program Files\Canon
2009-06-19 18:31:23 ----RD---- C:\Program Files
2009-06-18 11:52:36 ----D---- C:\Program Files\SearchRelevant
2009-06-18 07:19:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-18 07:05:31 ----D---- C:\WINDOWS\Debug
2009-06-16 08:22:25 ----D---- C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\Azureus
2009-06-13 00:43:40 ----D---- C:\Program Files\JkDefrag
2009-06-12 23:11:21 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-12 23:11:08 ----D---- C:\WINDOWS\$hf_mig$
2009-06-12 23:08:30 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-12 23:08:29 ----D---- C:\Program Files\Internet Explorer
2009-06-12 23:08:09 ----D---- C:\WINDOWS\ie7updates
2009-06-07 20:43:27 ----SHD---- C:\WINDOWS\Installer
2009-06-07 20:43:24 ----D---- C:\Config.Msi
2009-06-07 20:41:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-07 19:02:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-18 75096]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-09-17 941516]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS
ic1394.sys [2008-04-13 61824]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060812.004\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060812.004\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-04 180360]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-13 47360]
S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S3 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-04 404990]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-04 95424]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-04 13240]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir Premium MailGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-06-18 164097]
R2 AntiVirScheduler;Planificateur Avira AntiVir Premium; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2009-06-18 68865]
R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2009-06-18 151297]
R2 antivirwebservice;Avira AntiVir Premium WebGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 AVEService;Service d'assistance Avira AntiVir Premium MailGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2005-01-20 165488]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 thpassivesvc;Astase ThalliumBackup Client Background Service; C:\Program Files\Astase\UltraBackup\4.9\bin	hpassiveclientsvc.exe [2008-02-08 646144]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2005-01-20 79472]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-08-16 98672]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-08-23 261120]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ThalliumServer;Astase ThalliumBackup Storage Service; C:\Program Files\Astase\UltraBackup\4.9\bin	bsd.exe [2008-02-08 1952256]

-----------------EOF-----------------

archet9 · Answer

Hello bluesbob,

 Télécharge FindyKill sur ton bureau : 

http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe 

! Déconnecte toi et ferme toutes applications en cours ! 

• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut . 

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) 

• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil . 

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

? Laisse travailler l'outil et ne touche à rien ... 

--> Poste le rapport qui apparait à la fin , sur le forum ... 

( le rapport est sauvegardé aussi sous C:\FindyKill.txt ) 
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

a+

bluesbob · Answer

merci d'avoir repondu,voici le rapport

############################## | FindyKill V6.002 |

# User : berot francois (Administrateurs) # AB-8F2C74A74387
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 20:48:32 | 04/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1296 [VPS 090704-0] 4.8.1296 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (51,4 Go free) [Nouveau nom] # NTFS
# D:\ # Disque CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque fixe local # 74,53 Go (52,42 Go free) [dd externe] # NTFS
# K:\ # Disque amovible
# L:\ # Disque amovible # 7,47 Go (7,32 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Astase\UltraBackup\4.9\bin	hpassiveclientsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\U3\2845220F2380815D\LaunchPad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main:   "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF" 
HKCU_Main:   "Start Page"="https://www.google.fr/?gws_rd=ssl" 
HKCU_Main:   "Window Title"="NetLibre - L'esprit libre" 
HKLM_logon:  "Userinit"="C:\WINDOWS\system32\userinit.exe," 
HKLM_logon:  "DefaultUserName"="berot francois" 
HKLM_logon:  "AltDefaultUserName"="berot francois" 
HKLM_logon:  "LegalNoticeCaption"="" 
HKLM_logon:  "LegalNoticeText"="" 
HKLM_Run:    Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide 
HKLM_Run:    IDSAVE=C:\Program Files\ID_LOG_Save\ID_LOG_SAVE.EXE 
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe  

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\berot francois.AB-8F2C74A74387\Temporary Internet Files |


################## | All Drives ... |

Présent ! C:\Delme.bat  
Présent ! D:\autorun.inf  

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe    

################## | Registre # Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{0271732b-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{0271732b-6440-11dd-9c7d-000c76304110}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{02717b07-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{02717b07-6440-11dd-9c7d-000c76304110}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{740470e1-bad8-11dd-9025-0014d114aa25}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{d61db6d9-7232-11dc-ad80-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{d61db6d9-7232-11dc-ad80-000c76304110}\Shell\AutoRun\Command  

################## | Etat / Services / Informations |

bluesbob · Answer

je remet le rapport car pas complet

############################## | FindyKill V6.002 |

# User : berot francois (Administrateurs) # AB-8F2C74A74387
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 20:48:32 | 04/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1296 [VPS 090704-0] 4.8.1296 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (51,4 Go free) [Nouveau nom] # NTFS
# D:\ # Disque CD-ROM # 6,67 Mo (0 Mo free) [U3 System] # CDFS
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque fixe local # 74,53 Go (52,42 Go free) [dd externe] # NTFS
# K:\ # Disque amovible
# L:\ # Disque amovible # 7,47 Go (7,32 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Astase\UltraBackup\4.9\bin	hpassiveclientsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\berot francois.AB-8F2C74A74387\Application Data\U3\2845220F2380815D\LaunchPad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main:   "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF" 
HKCU_Main:   "Start Page"="https://www.google.fr/?gws_rd=ssl" 
HKCU_Main:   "Window Title"="NetLibre - L'esprit libre" 
HKLM_logon:  "Userinit"="C:\WINDOWS\system32\userinit.exe," 
HKLM_logon:  "DefaultUserName"="berot francois" 
HKLM_logon:  "AltDefaultUserName"="berot francois" 
HKLM_logon:  "LegalNoticeCaption"="" 
HKLM_logon:  "LegalNoticeText"="" 
HKLM_Run:    Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide 
HKLM_Run:    IDSAVE=C:\Program Files\ID_LOG_Save\ID_LOG_SAVE.EXE 
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe  

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\berot francois.AB-8F2C74A74387\Temporary Internet Files |


################## | All Drives ... |

Présent ! C:\Delme.bat  
Présent ! D:\autorun.inf  

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe    

################## | Registre # Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{0271732b-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{0271732b-6440-11dd-9c7d-000c76304110}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{02717b07-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{02717b07-6440-11dd-9c7d-000c76304110}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{740470e1-bad8-11dd-9025-0014d114aa25}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{d61db6d9-7232-11dc-ad80-000c76304110}\Shell\Auto\Command  
HKCU\...\Explorer\MountPoints2\{d61db6d9-7232-11dc-ad80-000c76304110}\Shell\AutoRun\Command  

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
 
# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# windefend -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\berot francois.AB-8F2C74A74387\Mes documents\Downloads\ciel compta 2009\KeyGen.exe"  
20/03/2009 12:13 |Size 132608 |Crc32 08c1ea6c |Md5 27d9684a4448cc72cae6a0bc02b5e506

archet9 · Answer

Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci Findykill présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

a+ 


--

bluesbob · Answer

bon voila le rapport.j'ai eu quelques soucis:le pc n'a pas voulu redemarrer il a fallu que je debranche un cle usb.quand il a redemarre je n'avais plus aucune icone sur le bureau.nouveau redemarrage et la cela fonctionne mais tres lent.bon voici le rapport,j'espere que ca va etre interpretabable.encore merci

############################## | FindyKill V6.002 |

# User : berot francois (Administrateurs) # AB-8F2C74A74387
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 21:27:10 | 04/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1296 [VPS 090704-0] 4.8.1296 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (51,4 Go free) [Nouveau nom] # NTFS
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque fixe local # 74,53 Go (52,42 Go free) [dd externe] # NTFS
# K:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Astase\UltraBackup\4.9\bin	hpassiveclientsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\berot francois.AB-8F2C74A74387\Temporary Internet Files |


################## | All Drives ... |

Supprimé ! C:\Delme.bat    

################## | Autres ... |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	askmgr.exe    

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{0271732b-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{02717b07-6440-11dd-9c7d-000c76304110}\Shell\Auto\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{740470e1-bad8-11dd-9025-0014d114aa25}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{d61db6d9-7232-11dc-ad80-000c76304110}\Shell\Auto\Command  

################## | Listing des fichiers présent |

[04/08/2006 12:28|--a------|0] - C:\AUTOEXEC.BAT
[16/08/2006 23:53|---------|12415495] - C:\AVG7QT.DAT
[09/10/2004 19:07|--a------|291] - C:\BOOT(2).INI
[09/10/2004 19:07|--a------|291] - C:\BOOT(3).INI
[09/10/2004 19:07|--a------|291] - C:\BOOT(4).INI
[09/10/2004 19:07|--a------|291] - C:\BOOT(5).INI
[27/06/2009 22:05|---hs----|297] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[30/08/2002 11:00|--a------|249136] - C:\cmldr
[28/06/2009 15:41|--a------|74] - C:\CMLoader.log
[04/08/2006 12:28|--a------|0] - C:\CONFIG.SYS
[18/09/2004 18:32|--a------|5845] - C:\DWNLOG.TXT
[27/10/2006 12:32|--a------|19693] - C:\error.log
[04/07/2009 21:48|--a------|4480] - C:\FindyKill.txt
[?|?|?] - C:\hiberfil.sys
[09/08/2006 21:19|--a------|102580] - C:\Installer.log
[18/09/2004 21:10|--a------|0] - C:\IO.SYS
[18/09/2004 19:32|--a------|207] - C:\IPH.PH
[18/09/2004 18:32|--a------|5845] - C:\MCDLOG.TXT
[23/10/2005 19:38|--a------|831] - C:\MKDEMSG.LOG
[23/10/2005 19:37|--a------|1536] - C:\MKDEWE.TRN
[09/01/2005 18:54|--a------|327680] - C:\Moody.dll
[18/09/2004 21:10|--a------|0] - C:\MSDOS.SYS
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[24/08/2008 11:27|-rahs----|252240] - C:
tldr
[27/02/2005 16:52|--a------|274] - C:\out.rpk
[?|?|?] - C:\pagefile.sys
[10/11/2008 01:00|--a------|91] - C:\Setup.log
[19/08/2006 13:39|--ah-----|280] - C:\sqmdata00.sqm
[12/09/2007 20:07|--ah-----|268] - C:\sqmdata01.sqm
[12/09/2007 20:07|--ah-----|268] - C:\sqmdata02.sqm
[19/08/2006 13:39|--ah-----|244] - C:\sqmnoopt00.sqm
[12/09/2007 20:07|--ah-----|244] - C:\sqmnoopt01.sqm
[12/09/2007 20:07|--ah-----|244] - C:\sqmnoopt02.sqm
[18/02/2009 17:41|--a------|479] - C:	wacker.log
[04/12/2004 08:35|--a------|80] - C:\volumeid.zbx
[26/03/2007 23:32|--a------|8265216] - J:\bmwv67sp02fr.exe

archet9 · Answer

Ok....

Fais un scan avec cet antispyware :
Telecharges malwarebytes + tutoriel :  

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

Tu l´installes; mets le a jour...(onglet mise a jour) 
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".  
Laisses le scanner le pc... 
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.

***************

Colle ensuite un nouveau RSIT  


a+

Pc ralenti et instable sous xp

7 réponses