Virus getcodec.gen

Résolu
bibi270 Messages postés 36 Statut Membre -  
bibi270 Messages postés 36 Statut Membre -
Bonjour,
mon ordinateur rame ,apparement j'ai attrapé un virus.Voici le rapport fait avec rsit.
Logfile of random's system information tool 1.06 (written by random/random)
Run by BEA ET PATRICK at 2009-09-20 18:48:17
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 12 GB (30%) free of 40 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:37, on 20/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\BEA ET PATRICK\Bureau\RSIT.exe
C:\Program Files\trend micro\BEA ET PATRICK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1708537768-746137067-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'CLEMENT')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1708537768-746137067-725345543-1005 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\CLEMENT\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'CLEMENT')
O4 - S-1-5-21-1708537768-746137067-725345543-1005 User Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\CLEMENT\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'CLEMENT')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\FM2032.dll
O20 - Winlogon Notify: f09cf21e669 - C:\WINDOWS\System32\FM2032.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8442 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-12-18 1878872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
C:\PROGRA~1\FICHIE~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\FM2032.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f09cf21e669]
C:\WINDOWS\System32\FM2032.dll [2009-09-17 123392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d870ede8-2738-11de-b886-000c6eeb8634}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-09-20 18:48:17 ----D---- C:\rsit
2009-09-20 18:48:17 ----D---- C:\Program Files\trend micro
2009-09-20 18:21:44 ----D---- C:\Program Files\VS Revo Group
2009-09-18 21:04:30 ----ASH---- C:\WINDOWS\system32\8.tmp
2009-09-18 20:35:24 ----SHD---- C:\WINDOWS\system32\LocalService
2009-09-18 19:26:45 ----ASH---- C:\WINDOWS\system32\D.tmp
2009-09-18 14:30:46 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\Avira
2009-09-18 14:17:53 ----D---- C:\Program Files\Avira
2009-09-18 14:17:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-17 20:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-17 20:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-17 20:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-17 20:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-17 19:32:32 ----A---- C:\WINDOWS\GnuHashes.ini
2009-09-17 19:25:00 ----ASH---- C:\WINDOWS\system32\4E.tmp
2009-09-17 19:24:59 ----A---- C:\WINDOWS\system32\FM2032.dll
2009-09-17 16:28:32 ----A---- C:\WINDOWS\MegaManager.INI
2009-09-16 20:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-16 20:21:07 ----D---- C:\WINDOWS\Prefetch
2009-09-16 19:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-16 19:53:07 ----D---- C:\WINDOWS\l2schemas
2009-09-16 19:53:06 ----D---- C:\WINDOWS\system32\fr
2009-09-16 19:53:06 ----D---- C:\WINDOWS\system32\bits
2009-09-16 19:48:19 ----D---- C:\WINDOWS\network diagnostic
2009-09-16 19:44:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-16 15:35:41 ----D---- C:\Program Files\Guitar Pro 5
2009-09-11 11:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 11:46:46 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-11 11:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-06 10:21:38 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-09-06 10:21:36 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-09-06 10:21:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-09-06 10:21:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-09-06 10:21:31 ----N---- C:\WINDOWS\system32\setupn.exe
2009-09-06 10:21:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-06 10:21:30 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-09-06 10:21:29 ----N---- C:\WINDOWS\system32\qutil.dll
2009-09-06 10:21:29 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-09-06 10:21:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-09-06 10:21:29 ----N---- C:\WINDOWS\system32\qagent.dll
2009-09-06 10:21:28 ----N---- C:\WINDOWS\system32\onex.dll
2009-09-06 10:21:25 ----N---- C:\WINDOWS\system32\napstat.exe
2009-09-06 10:21:25 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-09-06 10:21:25 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-09-06 10:21:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-09-06 10:21:24 ----N---- C:\WINDOWS\system32\mssha.dll
2009-09-06 10:21:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-09-06 10:21:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-09-06 10:21:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-09-06 10:21:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-09-06 10:21:15 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-09-06 10:21:14 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-09-06 10:21:14 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-09-06 10:21:14 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-09-06 10:21:14 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-09-06 10:21:14 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-09-06 10:21:12 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-09-06 10:21:12 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-09-06 10:21:09 ----A---- C:\WINDOWS\003300_.tmp
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-09-06 10:21:08 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-09-06 10:21:07 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-09-06 10:21:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-09-06 10:21:06 ----N---- C:\WINDOWS\system32\credssp.dll
2009-09-06 10:21:04 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-09-06 10:21:04 ----N---- C:\WINDOWS\system32\azroles.dll
2009-09-06 10:21:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-09-03 17:34:24 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-02 20:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-02 20:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-29 21:23:22 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\AVS4YOU
2009-08-29 21:23:20 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-08-29 21:22:27 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-08-29 21:22:16 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-08-29 21:22:16 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-08-29 21:22:15 ----D---- C:\Program Files\AVS4YOU
2009-08-29 20:51:02 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\VistaCodecs
2009-08-29 20:50:54 ----D---- C:\Program Files\VistaCodecPack
2009-08-29 20:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\VistaCodecs
2009-08-29 18:42:14 ----D---- C:\Program Files\WinAVI Video Converter
2009-08-29 18:10:41 ----D---- C:\WINDOWS\Minidump
2009-08-27 11:17:20 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-27 10:05:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-27 10:05:23 ----D---- C:\WINDOWS\system32\en-US
2009-08-27 10:05:16 ----D---- C:\Program Files\Reference Assemblies
2009-08-27 10:04:45 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-27 10:04:45 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-27 10:04:45 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-27 10:02:08 ----D---- C:\Program Files\MSXML 6.0
2009-08-26 22:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-26 22:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-26 22:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-26 22:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-26 22:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-26 22:09:13 ----A---- C:\WINDOWS\Recode.INI
2009-08-26 22:06:13 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-08-25 11:47:01 ----N---- C:\WINDOWS\system32\RALMain.dll
2009-08-25 11:47:01 ----N---- C:\WINDOWS\system32\Ltrio13n.dll
2009-08-25 11:47:01 ----N---- C:\WINDOWS\system32\Ltr13n.dll
2009-08-25 11:47:01 ----N---- C:\WINDOWS\system32\DiskIO.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\vdrmux.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\vdrcodec.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\pclepim1.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\PCLEGetGuid.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\MMAviAx.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\MLPagAx.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\miroDV2Bmp.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\ltkrn13n.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\LTCLR13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\LTCLR13n.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lfwmf13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lftif13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lftga13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lfpct13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\LFJ2K13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lffax13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lffax13n.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\LFCMP13s.DLL
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\lfbmp13s.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\langserv.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\Cachex.dll
2009-08-25 11:47:00 ----N---- C:\WINDOWS\system32\Aviprax.dll
2009-08-25 11:45:17 ----A---- C:\WINDOWS\unvise32.exe
2009-08-25 11:43:17 ----D---- C:\Program Files\Pinnacle

======List of files/folders modified in the last 1 months======

2009-09-20 18:48:17 ----RD---- C:\Program Files
2009-09-20 18:42:25 ----D---- C:\Program Files\Mozilla Firefox
2009-09-20 18:36:21 ----D---- C:\WINDOWS\system32\Restore
2009-09-20 18:15:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-20 18:14:32 ----D---- C:\WINDOWS\Debug
2009-09-20 18:14:32 ----D---- C:\WINDOWS
2009-09-20 18:14:30 ----D---- C:\WINDOWS\Temp
2009-09-20 17:32:30 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\HPAppData
2009-09-20 17:09:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-20 12:23:40 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-20 11:53:09 ----HD---- C:\WINDOWS\inf
2009-09-18 21:04:30 ----D---- C:\WINDOWS\system32
2009-09-18 21:01:17 ----SHD---- C:\WINDOWS\Installer
2009-09-18 21:01:17 ----HD---- C:\Config.Msi
2009-09-18 14:18:14 ----D---- C:\WINDOWS\system32\drivers
2009-09-18 14:14:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-18 14:10:08 ----D---- C:\WINDOWS\WinSxS
2009-09-17 20:35:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-17 20:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-17 20:16:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-17 20:16:47 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-17 20:15:37 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\FrostWire
2009-09-17 19:11:27 ----D---- C:\Program Files\eMule
2009-09-17 15:50:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-17 15:46:04 ----D---- C:\WINDOWS\system32\wbem
2009-09-17 15:46:03 ----D---- C:\WINDOWS\AppPatch
2009-09-16 20:48:51 ----D---- C:\Program Files\Messenger
2009-09-16 20:47:14 ----D---- C:\Program Files\Outlook Express
2009-09-16 20:31:02 ----SHD---- C:\System Volume Information
2009-09-16 20:20:42 ----D---- C:\WINDOWS\system32\Setup
2009-09-16 20:20:40 ----RSD---- C:\WINDOWS\Fonts
2009-09-16 20:20:12 ----D---- C:\WINDOWS\security
2009-09-16 19:53:30 ----D---- C:\Program Files\Windows Media Player
2009-09-16 19:53:29 ----D---- C:\WINDOWS\Help
2009-09-16 19:53:22 ----D---- C:\WINDOWS\EHome
2009-09-16 19:53:20 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-16 19:53:20 ----D---- C:\WINDOWS\ime
2009-09-16 19:53:08 ----D---- C:\WINDOWS\system32\usmt
2009-09-16 19:53:08 ----D---- C:\WINDOWS\system32\fr-FR
2009-09-16 19:53:07 ----D---- C:\Program Files\Internet Explorer
2009-09-16 19:53:06 ----D---- C:\WINDOWS\peernet
2009-09-16 19:53:06 ----D---- C:\Program Files\Movie Maker
2009-09-16 19:50:25 ----D---- C:\WINDOWS\system32\npp
2009-09-16 19:50:23 ----D---- C:\WINDOWS\msagent
2009-09-16 19:50:22 ----D---- C:\WINDOWS\srchasst
2009-09-16 19:50:21 ----D---- C:\Program Files\NetMeeting
2009-09-16 19:50:20 ----D---- C:\WINDOWS\system32\Com
2009-09-16 19:50:17 ----D---- C:\Program Files\Windows NT
2009-09-16 19:50:13 ----D---- C:\Program Files\Fichiers communs\System
2009-09-16 19:49:55 ----D---- C:\WINDOWS\system32\oobe
2009-09-16 19:49:52 ----D---- C:\WINDOWS\system
2009-09-16 19:47:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-12 09:31:28 ----D---- C:\WINDOWS\twain_32
2009-09-11 11:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-31 19:06:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-30 18:52:34 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\dvdcss
2009-08-29 21:22:27 ----D---- C:\Program Files\Fichiers communs
2009-08-29 20:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-08-29 20:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-29 20:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-08-29 20:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-29 20:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-29 20:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-08-29 20:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-29 20:58:47 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-27 12:03:13 ----RSD---- C:\WINDOWS\assembly
2009-08-27 11:19:36 ----D---- C:\Documents and Settings\BEA ET PATRICK\Application Data\vlc
2009-08-27 10:05:25 ----D---- C:\Program Files\MSBuild
2009-08-27 10:05:00 ----D---- C:\WINDOWS\system32\spool
2009-08-27 10:03:15 ----D---- C:\WINDOWS\system32\mui
2009-08-26 22:17:31 ----D---- C:\Program Files\Windows Desktop Search
2009-08-26 22:16:23 ----D---- C:\WINDOWS\ServicePackFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-10-29 28560]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-09-18 28520]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-26 55656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-07-17 147328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-24 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-10-29 88400]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-09-18 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-09-18 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-18 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-09-18 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-10-29 790580]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-30 603904]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-02-15 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-30 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Que faire pour eliminer ce probleme
Merci
Configuration: Windows XP
Firefox 3.0.14

16 réponses

  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  2. bibi270 Messages postés 36 Statut Membre
     
    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.60GHz )
    BIOS : BIOS Date: 08/20/03 12:57:55 Ver: 08.00.09
    USER : BEA ET PATRICK ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:39 Go (Free:12 Go)
    D:\ (Local Disk) - NTFS - Total:75 Go (Free:70 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [1] ( 20/09/2009|19:28 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskBarDis
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\PopSwatter
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Cache
    C:\Program Files\AskBarDis\bar\History
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Cache\00018613.bin
    C:\Program Files\AskBarDis\bar\Cache\000189BC.bin
    C:\Program Files\AskBarDis\bar\Cache\00018B53.bin
    C:\Program Files\AskBarDis\bar\Cache\00018CE9.bin
    C:\Program Files\AskBarDis\bar\Cache\00018E70.bin
    C:\Program Files\AskBarDis\bar\Cache\00018FE7.bin
    C:\Program Files\AskBarDis\bar\Cache\00463227
    C:\Program Files\AskBarDis\bar\Cache\0101972D
    C:\Program Files\AskBarDis\bar\Cache\files.ini
    C:\Program Files\AskBarDis\bar\History\search
    C:\Program Files\AskBarDis\bar\Settings\config.dat
    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
    C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
    C:\Program Files\AskBarDis\PopSwatter\History
    C:\Program Files\AskBarDis\PopSwatter\History\allowed
    C:\Program Files\AskBarDis\PopSwatter\History\notallow

    -----------\\ Extensions

    (BEA ET PATRICK) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
    (BEA ET PATRICK) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
    (BEA ET PATRICK) - {6e454792-2f36-46d3-bb20-4be949b6fb8a} => ecouter-la-radio
    (BEA ET PATRICK) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

    (LAURA) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

    (ROMANE) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.tropal.net/"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.tropal.net/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\BEAETP~1\Application Data\FrostWire\.AppSpecialShare\Guitar.Pro.5.0 full +crack.rar.torrent
    C:\DOCUME~1\BEAETP~1\Application Data\FrostWire\.AppSpecialShare\Guitar.Pro.5.0 full +crack.rar.torrent.bak

    1 - "C:\ToolBar SD\TB_1.txt" - 20/09/2009|19:44 - Option : [1]

    -----------\\ Fin du rapport a 19:44:02,96
    0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    relance ToolBar S&D et choisie l'option 2 suppression
    0
  4. bibi270 Messages postés 36 Statut Membre
     
    J'ai relance et fait suppession.Je t'envoie le rapport.Pour moi il y a encore quelque chose car mon routeur alice n'arrete pas de clignoter en eth comme si je me servais tout le temps de internet.

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.60GHz )
    BIOS : BIOS Date: 08/20/03 12:57:55 Ver: 08.00.09
    USER : BEA ET PATRICK ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:39 Go (Free:12 Go)
    D:\ (Local Disk) - NTFS - Total:75 Go (Free:70 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 21/09/2009| 9:09 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\PopSwatter
    Supprime! - C:\Program Files\AskBarDis\unins000.dat
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\Program Files\AskBarDis

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (BEA ET PATRICK) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
    (BEA ET PATRICK) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
    (BEA ET PATRICK) - {6e454792-2f36-46d3-bb20-4be949b6fb8a} => ecouter-la-radio
    (BEA ET PATRICK) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

    (LAURA) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

    (ROMANE) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.tropal.net/"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\BEAETP~1\Application Data\FrostWire\.AppSpecialShare\Guitar.Pro.5.0 full +crack.rar.torrent
    C:\DOCUME~1\BEAETP~1\Application Data\FrostWire\.AppSpecialShare\Guitar.Pro.5.0 full +crack.rar.torrent.bak

    1 - "C:\ToolBar SD\TB_1.txt" - 20/09/2009|19:44 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 21/09/2009| 9:30 - Option : [2]

    -----------\\ Fin du rapport a 9:30:36,81

    Que faire.Merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    oui il reste quelque truc

    Telecharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    -Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. risque de figer l'ordi

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    !\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordi (plantage complet)

    ::Si combofix detecte quelque chose et de demande a redemarer tu accepte
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      ComboFix 09-09-20.01 - BEA ET PATRICK 21/09/2009 11:41:05.1.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.2047.1455 [GMT 2:00]
      Lancé depuis: C:\Documents and Settings\BEA ET PATRICK\Bureau\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\DOCUME~1\BEAETP~1\LOCALS~1\Temp\35.tmp
      C:\Documents and Settings\BEA ET PATRICK\Application Data\020000005ad4d2ae669C.manifest
      C:\Documents and Settings\BEA ET PATRICK\Application Data\020000005ad4d2ae669O.manifest
      C:\Documents and Settings\BEA ET PATRICK\Application Data\020000005ad4d2ae669P.manifest
      C:\Documents and Settings\BEA ET PATRICK\Application Data\020000005ad4d2ae669S.manifest
      C:\Documents and Settings\BEA ET PATRICK\Local Settings\Temp\35.tmp
      C:\Documents and Settings\CLEMENT\Application Data\020000005ad4d2ae669C.manifest
      C:\Documents and Settings\CLEMENT\Application Data\020000005ad4d2ae669O.manifest
      C:\Documents and Settings\CLEMENT\Application Data\020000005ad4d2ae669P.manifest
      C:\Documents and Settings\CLEMENT\Application Data\020000005ad4d2ae669S.manifest
      C:\Documents and Settings\CLEMENT\Cookies\clement@managerzone.bbgames[2].txt
      C:\Documents and Settings\LAURA\Application Data\020000005ad4d2ae669C.manifest
      C:\Documents and Settings\LAURA\Application Data\020000005ad4d2ae669O.manifest
      C:\Documents and Settings\LAURA\Application Data\020000005ad4d2ae669P.manifest
      C:\Documents and Settings\LAURA\Application Data\020000005ad4d2ae669S.manifest
      C:\WINDOWS\GnuHashes.ini
      C:\WINDOWS\Installer\3749c6.msi
      C:\WINDOWS\system32\8.tmp
      C:\WINDOWS\system32\D.tmp
      C:\WINDOWS\system32\GroupPolicy000.dat
      C:\WINDOWS\system32\LocalService\293.crack.zip
      C:\WINDOWS\system32\LocalService\293.crack.zip.kwd
      C:\WINDOWS\system32\LocalService\294.keygen.zip
      C:\WINDOWS\system32\LocalService\294.keygen.zip.kwd
      C:\WINDOWS\system32\LocalService\295.serial.zip
      C:\WINDOWS\system32\LocalService\295.serial.zip.kwd
      C:\WINDOWS\system32\LocalService\296.setup.zip
      C:\WINDOWS\system32\LocalService\296.setup.zip.kwd
      C:\WINDOWS\system32\LocalService\301.music.au.kwd
      C:\WINDOWS\system32\LocalService\302.music2.au.kwd
      C:\WINDOWS\system32\LocalService\303.music3.au.kwd
      C:\WINDOWS\system32\LocalService\304.music4.au.kwd

      C:\WINDOWS\system32\qmgr.dll . . . est infecté!!

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-21 au 2009-09-21 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-21 08:52:59 . 2003-04-24 12:00:00 29184 -c--a-w- C:\WINDOWS\system32\dllcache\lmmib2.dll
      2009-09-21 08:51:59 . 2002-05-14 10:08:54 20536 -c--a-w- C:\WINDOWS\system32\dllcache\shtml.dll
      2009-09-21 08:49:54 . 2003-04-24 12:00:00 106562 -c--a-w- C:\WINDOWS\system32\dllcache\srchctls.dll
      2009-09-21 08:47:54 . 2003-04-24 12:00:00 275968 -c--a-w- C:\WINDOWS\system32\dllcache\pinball.exe
      2009-09-21 08:45:51 . 2002-08-28 23:32:28 5888 ----a-w- C:\WINDOWS\system32\drivers\splitter.sys
      2009-09-21 08:45:42 . 2001-08-17 19:59:58 50048 ----a-w- C:\WINDOWS\system32\drivers\DMusic.sys
      2009-09-21 08:32:09 . 2002-08-29 09:23:30 57728 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
      2009-09-21 08:31:47 . 2009-09-21 08:31:56 0 d-----w- C:\WINDOWS\NV908920.TMP
      2009-09-21 08:30:36 . 2001-08-23 15:47:06 4096 ----a-w- C:\WINDOWS\system32\ksuser.dll
      2009-09-21 08:30:08 . 2002-08-29 09:45:22 38024 ----a-w- C:\WINDOWS\system32\drivers\termdd.sys
      2009-09-21 08:30:07 . 2002-08-28 23:06:36 182400 ----a-w- C:\WINDOWS\system32\drivers\rdpdr.sys
      2009-09-20 17:18:57 . 2009-09-21 07:30:36 0 d-----w- C:\ToolBar SD
      2009-09-20 16:48:17 . 2009-09-20 16:48:39 0 d-----w- C:\rsit
      2009-09-20 16:48:17 . 2009-09-20 16:48:37 0 d-----w- C:\Program Files\trend micro
      2009-09-20 16:21:44 . 2009-09-20 16:21:44 0 d-----w- C:\Program Files\VS Revo Group
      2009-09-18 19:01:44 . 2009-09-18 19:01:44 0 d-----w- C:\Documents and Settings\CLEMENT\Local Settings\Application Data\HP
      2009-09-18 18:35:24 . 2009-09-21 09:50:36 0 d-sh--w- C:\WINDOWS\system32\LocalService
      2009-09-18 12:30:46 . 2009-09-18 12:30:47 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\Avira
      2009-09-18 12:17:58 . 2009-03-30 08:32:47 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
      2009-09-18 12:17:58 . 2009-02-13 10:28:39 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
      2009-09-18 12:17:58 . 2009-02-13 10:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
      2009-09-18 12:17:53 . 2009-09-18 12:18:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\Avira
      2009-09-18 12:17:53 . 2009-09-18 12:17:53 0 d-----w- C:\Program Files\Avira
      2009-09-17 17:24:59 . 2009-09-17 17:24:59 123392 ----a-w- C:\WINDOWS\system32\FM2032.dll
      2009-09-16 17:53:07 . 2009-09-16 17:53:07 0 d-----w- C:\WINDOWS\l2schemas
      2009-09-16 17:53:06 . 2009-09-16 17:53:06 0 d-----w- C:\WINDOWS\system32\fr
      2009-09-16 17:53:06 . 2009-09-16 17:53:06 0 d-----w- C:\WINDOWS\system32\bits
      2009-09-16 13:35:41 . 2009-09-16 13:35:45 0 d-----w- C:\Program Files\Guitar Pro 5
      2009-09-05 17:45:23 . 2009-09-05 17:45:23 0 d-----w- C:\Documents and Settings\LAURA\Local Settings\Application Data\Microsoft Help
      2009-09-05 15:32:53 . 2009-09-18 17:27:17 0 d-----w- C:\Documents and Settings\LAURA\Tracing
      2009-09-03 15:34:33 . 2009-09-03 15:34:33 0 d-----w- C:\WINDOWS\system32\drivers\umdf
      2009-08-29 19:23:22 . 2009-08-29 19:23:22 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\AVS4YOU
      2009-08-29 19:23:20 . 2009-08-29 19:23:20 0 d-----w- C:\Documents and Settings\All Users\Application Data\AVS4YOU
      2009-08-29 19:22:27 . 2009-09-03 15:35:36 0 d-----w- C:\Program Files\Fichiers communs\AVSMedia
      2009-08-29 19:22:16 . 2008-08-13 09:22:42 974848 ----a-w- C:\WINDOWS\system32\mfc70.dll
      2009-08-29 19:22:16 . 2008-08-13 09:22:40 24576 ----a-w- C:\WINDOWS\system32\msxml3a.dll
      2009-08-29 19:22:15 . 2009-09-03 15:35:42 0 d-----w- C:\Program Files\AVS4YOU
      2009-08-29 18:51:02 . 2009-08-29 18:51:02 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\VistaCodecs
      2009-08-29 18:50:54 . 2009-08-29 18:51:03 0 d-----w- C:\Program Files\VistaCodecPack
      2009-08-29 18:49:57 . 2009-08-29 18:51:02 0 d-----w- C:\Documents and Settings\All Users\Application Data\VistaCodecs
      2009-08-29 16:42:20 . 2009-08-29 16:42:20 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Local Settings\Application Data\WinAVI
      2009-08-29 16:42:14 . 2009-08-29 17:10:10 0 d-----w- C:\Program Files\WinAVI Video Converter
      2009-08-29 16:09:59 . 2009-08-29 16:09:59 70144 ----a-w- C:\WINDOWS\system32\drivers\qrppcqbwqwkutoic.sys
      2009-08-27 09:16:46 . 2002-08-28 23:32:32 56832 ----a-w- C:\WINDOWS\system32\drivers\usbaudio.sys
      2009-08-27 08:05:29 . 2009-08-27 08:05:29 0 d-----w- C:\WINDOWS\system32\XPSViewer
      2009-08-27 08:05:16 . 2009-08-27 08:05:16 0 d-----w- C:\Program Files\Reference Assemblies
      2009-08-27 08:04:45 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
      2009-08-27 08:04:45 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
      2009-08-27 08:04:45 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
      2009-08-27 08:02:08 . 2009-08-27 08:02:08 0 d-----w- C:\Program Files\MSXML 6.0
      2009-08-26 20:06:13 . 2009-08-26 20:06:13 0 d-----w- C:\Documents and Settings\All Users\Application Data\Ahead
      2009-08-25 09:45:17 . 1999-12-17 07:13:04 86016 ----a-w- C:\WINDOWS\unvise32.exe
      2009-08-25 09:43:54 . 2002-06-13 13:08:46 14604 ----a-w- C:\WINDOWS\system32\drivers\pfc.sys
      2009-08-25 09:43:17 . 2009-08-25 09:44:14 0 d-----w- C:\Program Files\Pinnacle

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-21 09:50:35 . 2009-09-21 09:50:33 523264 --sha-w- C:\WINDOWS\system32\1.tmp
      2009-09-21 09:08:24 . 2009-01-17 15:08:30 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\HPAppData
      2009-09-21 09:02:10 . 2009-01-16 10:46:04 115184 ----a-w- C:\Documents and Settings\BEA ET PATRICK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-21 08:59:57 . 2003-04-24 12:00:00 90268 ----a-w- C:\WINDOWS\system32\perfc00C.dat
      2009-09-21 08:59:57 . 2003-04-24 12:00:00 525742 ----a-w- C:\WINDOWS\system32\perfh00C.dat
      2009-09-21 08:48:25 . 2009-01-16 10:04:21 23032 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
      2009-09-20 16:15:14 . 2009-01-17 14:46:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2009-09-20 15:14:04 . 2009-01-27 16:32:17 0 d-----w- C:\Documents and Settings\CLEMENT\Application Data\HPAppData
      2009-09-18 19:01:33 . 2009-01-27 16:27:10 115184 ----a-w- C:\Documents and Settings\CLEMENT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-18 17:27:13 . 2009-02-24 16:22:54 115184 ----a-w- C:\Documents and Settings\LAURA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-18 12:14:20 . 2009-01-17 14:46:58 0 d-----w- C:\Program Files\Spybot - Search & Destroy
      2009-09-17 18:35:36 . 2009-01-16 10:14:38 0 d--h--w- C:\Program Files\InstallShield Installation Information
      2009-09-17 18:15:37 . 2009-03-17 17:18:29 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\FrostWire
      2009-09-17 17:25:01 . 2009-09-17 17:25:00 523264 --sha-w- C:\WINDOWS\system32\4E.tmp
      2009-09-17 17:11:27 . 2009-01-18 17:25:03 0 d-----w- C:\Program Files\eMule
      2009-09-11 09:47:24 . 2009-01-16 20:49:43 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2009-09-05 17:45:47 . 2009-02-24 16:26:52 0 d-----w- C:\Documents and Settings\LAURA\Application Data\HPAppData
      2009-08-31 15:15:04 . 2009-01-27 16:59:23 0 d-----w- C:\Documents and Settings\ROMANE\Application Data\HPAppData
      2009-08-30 16:52:34 . 2009-03-21 09:57:03 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\dvdcss
      2009-08-27 12:21:32 . 2009-01-27 16:54:39 114784 ----a-w- C:\Documents and Settings\ROMANE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-08-27 09:19:36 . 2009-05-02 11:49:06 0 d-----w- C:\Documents and Settings\BEA ET PATRICK\Application Data\vlc
      2009-08-27 08:05:25 . 2009-01-16 20:53:48 0 d-----w- C:\Program Files\MSBuild
      2009-08-26 20:17:31 . 2009-02-13 14:01:15 0 d-----w- C:\Program Files\Windows Desktop Search
      2009-08-26 08:17:25 . 2009-04-29 15:04:53 55656 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
      2009-08-19 16:35:06 . 2009-06-05 16:54:03 0 d-----w- C:\Program Files\Windows Live
      2009-08-19 16:34:34 . 2009-08-19 16:34:34 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
      2009-08-19 16:33:46 . 2009-01-28 09:17:44 0 d-----w- C:\Program Files\MSN Messenger
      2009-08-19 16:33:08 . 2009-08-19 16:33:08 0 d-----w- C:\Program Files\Microsoft
      2009-08-19 16:32:48 . 2009-08-19 16:32:48 0 d-----w- C:\Program Files\Windows Live SkyDrive
      2009-08-19 07:57:33 . 2009-06-05 16:54:03 0 d-----w- C:\Program Files\Messenger Plus! Live
      2009-08-07 18:17:31 . 2009-08-07 18:17:30 0 d-----w- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
      2009-08-05 17:26:31 . 2009-08-05 17:26:31 0 d-----w- C:\Program Files\TechCity Solutions
      2009-08-05 17:26:23 . 2009-08-05 17:22:52 0 d-----w- C:\Program Files\Alice
      2009-07-26 14:44:56 . 2009-07-26 14:44:56 48448 ----a-w- C:\WINDOWS\system32\sirenacm.dll
      2009-07-12 10:21:50 . 2009-01-16 10:40:13 233472 ------w- C:\WINDOWS\system32\wmpdxm.dll
      2009-07-10 11:01:54 . 2009-07-10 11:01:54 307560 ----a-w- C:\WINDOWS\WLXPGSS.SCR
      2009-06-29 01:32:08 . 2009-06-29 01:32:08 85504 ----a-w- C:\WINDOWS\system32\ff_vfw.dll
      2009-06-26 15:45:50 . 2009-06-26 15:45:50 1035776 ----a-w- C:\WINDOWS\system32\VSFilter.dll
      2009-03-19 18:26:29 . 2009-03-19 18:26:28 56 --sh--r- C:\WINDOWS\system32\7B17252C37.sys
      2009-03-19 18:26:29 . 2009-03-19 18:26:28 1682 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ------- Sigcheck -------

      [-] 2008-04-14 02:34:29 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wscntfy.exe
      [-] 2008-04-14 02:34:29 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\wscntfy.exe

      [-] 2008-04-14 02:33:52 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\xmlprov.dll
      [-] 2008-04-14 02:33:52 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\xmlprov.dll

      [-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ip6fw.sys
      [-] 2008-04-13 18:53:34 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\drivers\ip6fw.sys

      [-] 2008-04-14 02:33:32 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\mspmsnsv.dll
      [-] 2006-08-24 20:30:20 . 482069CDA24AA0E94B1351E30EB3D01F . 27648 . . [11.0.5705.5043] . . C:\WINDOWS\system32\mspmsnsv.dll
      [-] 2004-08-19 15:09:34 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 15:07:20 2260480]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28:32 790528]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 04:46:00 13529088]
      "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:11 209153]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 04:46:00 86016]
      "nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2008-05-03 04:46:00 1630208]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-24 12:00:00 13312]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 20:41:34 304128]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f09cf21e669]
      2009-09-17 17:24:59 123392 ----a-w- C:\WINDOWS\system32\FM2032.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk
      backup=C:\WINDOWS\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"
      "InCD"=C:\Program Files\Ahead\InCD\InCD.exe
      "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      "nwiz"=nwiz.exe /install
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      "AliceSAV"=C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "D:\\StubInstaller.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule entrant
      "4672:UDP"= 4672:UDP:emule sortant

      R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [18/09/2009 14:17:56 194817]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [18/09/2009 14:17:58 108289]
      R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe [18/09/2009 14:17:56 434945]
      R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;C:\WINDOWS\system32\TUProgSt.exe [30/01/2009 12:23:31 603904]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

      2009-09-21 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
      - C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04:34 . 2008-12-12 14:04:34]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.tropal.net/
      mWindow Title =
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
      LSP: C:\Program Files\Avira\AntiVir Desktop\avsda.dll
      FF - ProfilePath - C:\Documents and Settings\BEA ET PATRICK\Application Data\Mozilla\Firefox\Profiles\h0pfpcdl.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - ecouter-la-radio Customized Web Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=2&q=
      FF - component: C:\Documents and Settings\BEA ET PATRICK\Application Data\Mozilla\Firefox\Profiles\h0pfpcdl.default\extensions\{6e454792-2f36-46d3-bb20-4be949b6fb8a}\components\FFExternalAlert.dll
      FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
      FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
      FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
      AddRemove-Ask Toolbar_is1 - C:\Program Files\AskBarDis\unins000.exe

      Merci de ton aide
      0
  7. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    tu peut me reposter un rapport Rsit
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by BEA ET PATRICK at 2009-09-21 21:47:07
      Microsoft Windows XP Professionnel Service Pack 1
      System drive C: has 14 GB (36%) free of 40 GB
      Total RAM: 2047 MB (70% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:47:22, on 21/09/2009
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\BEA ET PATRICK\Bureau\RSIT.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\trend micro\BEA ET PATRICK.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O20 - Winlogon Notify: f09cf21e669 - C:\WINDOWS\System32\FM2032.dll
      O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
      0
  8. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    télécharge malwarbyte http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher


    Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats

    Suppression des éléments détectés >>>> clique sur Supprimer la sélection ou supprimer tout
    S'il t'es demandé de redémarrer >>> clique sur "Yes"


    Et tu poste le rapport générer
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2838
      Windows 5.1.2600 Service Pack 1

      22/09/2009 10:19:15
      mbam-log-2009-09-22 (10-19-15).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 192007
      Temps écoulé: 33 minute(s), 29 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 2
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 26

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\FM2032.dll (Trojan.Tracur) -> Delete on reboot.
      C:\WINDOWS\system32\1.tmp (Worm.P2P) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f09cf21e669 (Trojan.Tracur) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\FM2032.dll (Trojan.Tracur) -> Delete on reboot.
      C:\WINDOWS\system32\1.tmp (Worm.P2P) -> Delete on reboot.
      C:\Qoobox\Quarantine\C\DOCUME~1\BEAETP~1\LOCALS~1\Temp\35.tmp.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\8.tmp.vir (Worm.P2P) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\D.tmp.vir (Worm.P2P) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\2.tmp (Worm.P2P) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\4E.tmp (Worm.P2P) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\2.tmp (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\293.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\293.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\294.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\294.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\295.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\295.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\296.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\296.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\301.music.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\301.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\302.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\302.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\303.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\303.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\304.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\304.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
      0
  9. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Salut,

    Télécharge et installe UsbFix de C_XX & Chiquitine29 :

    http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d’avoir été infectés sans les ouvrir !

    * Double clique sur UsbFix.exe présent sur le bureau.

    Tape F pour français , et pressez enter pour valider

    Dans le second menu qui apparait

    * Choisis l’option 1 (Recherche)

    * Laisse travailler l’outil.cela peut prendre plusieurs minutes, soit patient
    * Ensuite poste l’intégralité du rapport UsbFix.txt qui apparaîtra.

    Notes :
    - Le rapport UsbFix.txt est sauvegardé a la racine du disque. (C:\UsbFix.txt)

    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller sur le forum).

    - "Process.exe", une composante de l’outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s’agit pas d’un virus, mais d’un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d’où l’alerte émise par ces antivirus.
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      ############################## | UsbFix V6.036 |

      User : BEA ET PATRICK (Administrateurs) # BIBLOCQU-GRMNFP
      Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 10:45:22 | 23/09/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html

      Intel(R) Pentium(R) 4 CPU 2.60GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 6.0.2900.2180
      Windows Firewall Status : Enabled
      AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 39,07 Go (9,56 Go free) # NTFS
      D:\ -> Disque fixe local # 75,42 Go (70,88 Go free) [D] # NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque CD-ROM
      G:\ -> Disque amovible # 1,88 Go (765,95 Mo free) # FAT32

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\WINDOWS\SoftwareDistribution\Download\fb7e4e3914021d8e9d80ac8f418fa4bb\update\update.exe

      ################## | Fichiers # Dossiers infectieux |


      ################## | Registre # Clés Run infectieuses |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Registre # Mountpoints2 |


      ################## | ! Fin du rapport # UsbFix V6.036 ! |


      Le routeur ne clignote plus.J'ai l'impression de retrouver mon pc d'avant.

      Merci
      0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Relance usbfix et choisie l'option 2 suppression

    poste le rapport générer
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      ############################## | UsbFix V6.036 |

      User : BEA ET PATRICK (Administrateurs) # BIBLOCQU-GRMNFP
      Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 11:11:40 | 24/09/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html

      Intel(R) Pentium(R) 4 CPU 2.60GHz
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
      Internet Explorer 6.0.2900.2180
      Windows Firewall Status : Enabled
      AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

      A:\ -> Lecteur de disquettes 3 ½ pouces
      C:\ -> Disque fixe local # 39,07 Go (9,33 Go free) # NTFS
      D:\ -> Disque fixe local # 75,42 Go (70,88 Go free) [D] # NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque CD-ROM
      G:\ -> Disque amovible # 1,88 Go (765,95 Mo free) # FAT32

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\userinit.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## | Fichiers # Dossiers infectieux |


      ################## | Registre # Clés Run infectieuses |

      Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
      Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Registre # Mountpoints2 |


      ################## | Listing des fichiers présent |

      [16/01/2009 12:07|--a------|0] C:\AUTOEXEC.BAT
      [21/09/2009 10:46|--a------|212] C:\Boot.bak
      [22/09/2009 10:36|-rahs----|282] C:\boot.ini
      [24/04/2003 14:00|-rahs----|4952] C:\Bootfont.bin
      [29/08/2002 01:06|--a------|249136] C:\cmldr
      [16/01/2009 12:07|--a------|0] C:\CONFIG.SYS
      [16/01/2009 12:07|-rahs----|0] C:\IO.SYS
      [16/01/2009 12:07|-rahs----|0] C:\MSDOS.SYS
      [22/09/2009 10:31|-rahs----|47564] C:\NTDETECT.COM
      [22/09/2009 10:31|-rahs----|251712] C:\ntldr
      [29/02/2004 17:44|--a------|52576] C:\orange.bmp
      [?|?|?] C:\pagefile.sys
      [17/04/2009 20:43|--ah-----|268] C:\sqmdata00.sqm
      [18/04/2009 09:53|--ah-----|268] C:\sqmdata01.sqm
      [18/04/2009 11:52|--ah-----|268] C:\sqmdata02.sqm
      [18/04/2009 21:01|--ah-----|268] C:\sqmdata03.sqm
      [19/04/2009 16:39|--ah-----|268] C:\sqmdata04.sqm
      [19/04/2009 19:34|--ah-----|268] C:\sqmdata05.sqm
      [19/04/2009 21:35|--ah-----|268] C:\sqmdata06.sqm
      [20/04/2009 13:08|--ah-----|268] C:\sqmdata07.sqm
      [23/04/2009 22:36|--ah-----|268] C:\sqmdata08.sqm
      [24/04/2009 21:02|--ah-----|268] C:\sqmdata09.sqm
      [08/06/2009 17:22|--ah-----|268] C:\sqmdata10.sqm
      [05/07/2009 13:29|--ah-----|268] C:\sqmdata11.sqm
      [25/03/2009 14:31|--ah-----|268] C:\sqmdata12.sqm
      [25/03/2009 21:13|--ah-----|268] C:\sqmdata13.sqm
      [26/03/2009 12:22|--ah-----|268] C:\sqmdata14.sqm
      [27/03/2009 09:17|--ah-----|268] C:\sqmdata15.sqm
      [27/03/2009 12:17|--ah-----|268] C:\sqmdata16.sqm
      [30/03/2009 18:46|--ah-----|268] C:\sqmdata17.sqm
      [16/04/2009 21:28|--ah-----|268] C:\sqmdata18.sqm
      [17/04/2009 16:06|--ah-----|268] C:\sqmdata19.sqm
      [17/04/2009 20:43|--ah-----|244] C:\sqmnoopt00.sqm
      [18/04/2009 09:53|--ah-----|244] C:\sqmnoopt01.sqm
      [18/04/2009 11:52|--ah-----|244] C:\sqmnoopt02.sqm
      [18/04/2009 21:01|--ah-----|244] C:\sqmnoopt03.sqm
      [19/04/2009 16:39|--ah-----|244] C:\sqmnoopt04.sqm
      [19/04/2009 19:34|--ah-----|244] C:\sqmnoopt05.sqm
      [19/04/2009 21:35|--ah-----|244] C:\sqmnoopt06.sqm
      [20/04/2009 13:08|--ah-----|244] C:\sqmnoopt07.sqm
      [23/04/2009 22:36|--ah-----|244] C:\sqmnoopt08.sqm
      [24/04/2009 21:02|--ah-----|244] C:\sqmnoopt09.sqm
      [08/06/2009 17:22|--ah-----|244] C:\sqmnoopt10.sqm
      [05/07/2009 13:29|--ah-----|244] C:\sqmnoopt11.sqm
      [25/03/2009 14:31|--ah-----|244] C:\sqmnoopt12.sqm
      [25/03/2009 21:13|--ah-----|244] C:\sqmnoopt13.sqm
      [26/03/2009 12:22|--ah-----|244] C:\sqmnoopt14.sqm
      [27/03/2009 09:17|--ah-----|244] C:\sqmnoopt15.sqm
      [27/03/2009 12:17|--ah-----|244] C:\sqmnoopt16.sqm
      [30/03/2009 18:46|--ah-----|244] C:\sqmnoopt17.sqm
      [16/04/2009 21:28|--ah-----|244] C:\sqmnoopt18.sqm
      [17/04/2009 16:06|--ah-----|244] C:\sqmnoopt19.sqm
      [21/09/2009 09:30|--a------|2709] C:\TB.txt
      [18/01/2009 18:44|--a------|594] C:\updatedatfix.log
      [24/09/2009 11:14|--a------|5246] C:\UsbFix.txt
      [15/01/2009 12:29|--a------|2715] D:\adresse email.txt
      [17/02/2009 10:36|--a------|7995676] D:\HONDAFX25.pdf
      [30/01/2007 11:01|--a------|25600] D:\modele lettre tourneur.doc
      [31/10/2005 17:56|--a------|700416] D:\StubInstaller.exe
      [13/06/2009 11:39|--a------|0] G:\rw1.tmp
      [19/09/2009 10:26|--a------|847938] G:\Money Sauvegarder d1.mbf
      [05/07/2009 11:47|--a------|0] G:\rw2.tmp
      [10/07/2009 11:59|--a------|0] G:\rw3.tmp
      [01/08/2009 12:27|--a------|0] G:\rw4.tmp
      [01/08/2009 19:03|--a------|0] G:\rw5.tmp
      [29/08/2009 09:05|--a------|0] G:\rw6.tmp
      [06/09/2009 11:11|--a------|0] G:\rw7.tmp
      [19/09/2009 10:26|--a------|0] G:\rw8.tmp

      ################## | Vaccination |

      # C:\autorun.inf -> Folder created by UsbFix.
      # D:\autorun.inf -> Folder created by UsbFix.
      # G:\autorun.inf -> Folder created by UsbFix.

      ################## | ! Fin du rapport # UsbFix V6.036 ! |
      0
  11. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    bonjour

    /!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

    Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

    Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

    File::
    C:\WINDOWS\System32\4E.tmp
    C:\WINDOWS\SET70.tmp
    C:\WINDOWS\NV908920.TMP
    C:\WINDOWS\SET32.tmp
    C:\WINDOWS\System32\CF7883.exe
    C:\WINDOWS\System32\2.tmp
    C:\WINDOWS\System32\1.tmp
    C:\WINDOWS\System32\FM2032.dll


    Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
    1. bibi270
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by BEA ET PATRICK at 2009-09-25 15:57:22
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 9 GB (21%) free of 40 GB
      Total RAM: 2047 MB (78% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:57:33, on 25/09/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\BEA ET PATRICK\Bureau\RSIT.exe
      C:\Program Files\trend micro\BEA ET PATRICK.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
      0
    2. bibi270
       
      ComboFix 09-09-24.01 - BEA ET PATRICK 25/09/2009 16:04.3.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1584 [GMT 2:00]
      Lancé depuis: c:\documents and settings\BEA ET PATRICK\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\BEA ET PATRICK\Bureau\CFScript.txt..txt
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

      FILE ::
      "c:\windows\NV908920.TMP"
      "c:\windows\SET32.tmp"
      "c:\windows\SET70.tmp"
      "c:\windows\System32\1.tmp"
      "c:\windows\System32\2.tmp"
      "c:\windows\System32\4E.tmp"
      "c:\windows\System32\CF7883.exe"
      "c:\windows\System32\FM2032.dll"
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-25 au 2009-09-25 ))))))))))))))))))))))))))))))))))))
      .

      2009-09-25 13:17 . 2009-09-25 13:17 -------- d-----w- c:\windows\LastGood
      2009-09-23 08:45 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
      2009-09-23 08:44 . 2008-10-03 10:17 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
      2009-09-23 08:44 . 2009-09-24 09:14 -------- d-----w- C:\UsbFix
      2009-09-23 08:44 . 2008-05-01 14:31 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
      2009-09-23 08:43 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
      2009-09-22 15:38 . 2009-09-22 15:38 -------- d-----w- c:\documents and settings\ROMANE\Application Data\Malwarebytes
      2009-09-22 13:24 . 2009-09-22 13:24 -------- d-----w- c:\documents and settings\CLEMENT\Application Data\Malwarebytes
      2009-09-22 08:35 . 2009-09-22 09:16 -------- d-----w- c:\windows\system32\wbem\Repository.001
      2009-09-22 05:33 . 2004-08-02 12:20 4569 ------w- c:\windows\system32\secupd.dat
      2009-09-21 20:44 . 2009-09-21 20:44 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\Malwarebytes
      2009-09-21 20:44 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-21 20:44 . 2009-09-21 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-09-21 20:44 . 2009-09-21 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-09-21 20:44 . 2009-09-10 12:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-21 20:06 . 2008-04-14 02:33 1097728 ----a-w- c:\windows\system32\esent.dll
      2009-09-21 19:54 . 2008-04-14 02:33 354304 ----a-w- c:\windows\system32\winhttp.dll
      2009-09-21 19:54 . 2008-04-14 02:33 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
      2009-09-21 08:52 . 2003-04-24 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
      2009-09-21 08:51 . 2003-04-24 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
      2009-09-21 08:51 . 2003-04-24 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
      2009-09-21 08:51 . 2003-04-24 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
      2009-09-21 08:51 . 2003-04-24 12:00 173056 -c--a-w- c:\windows\system32\dllcache\iisui.dll
      2009-09-21 08:51 . 2003-04-24 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
      2009-09-21 08:51 . 2003-04-24 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
      2009-09-21 08:51 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
      2009-09-21 08:51 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
      2009-09-21 08:51 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
      2009-09-21 08:51 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
      2009-09-21 08:47 . 2008-04-14 02:33 190464 ----a-w- c:\windows\system32\accwiz.exe
      2009-09-21 08:45 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
      2009-09-21 08:45 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
      2009-09-21 08:32 . 2008-04-14 01:57 58752 ----a-w- c:\windows\system32\drivers\redbook.sys
      2009-09-21 08:31 . 2009-09-21 08:31 -------- d-----w- c:\windows\NV908920.TMP
      2009-09-21 08:30 . 2008-04-14 02:33 4096 ----a-w- c:\windows\system32\ksuser.dll
      2009-09-21 08:30 . 2008-04-14 02:34 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
      2009-09-21 08:30 . 2008-04-13 18:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
      2009-09-21 08:28 . 2003-04-24 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
      2009-09-21 08:28 . 2003-04-24 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
      2009-09-21 08:28 . 2008-04-14 02:34 146944 ----a-w- c:\windows\system\winspool.drv
      2009-09-21 08:28 . 2008-04-14 02:33 76800 ----a-w- c:\windows\system32\storprop.dll
      2009-09-21 08:28 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
      2009-09-21 08:28 . 2003-04-24 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
      2009-09-21 08:28 . 2003-04-24 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
      2009-09-20 17:18 . 2009-09-21 07:30 -------- d-----w- C:\ToolBar SD
      2009-09-20 16:48 . 2009-09-25 13:57 -------- d-----w- c:\program files\trend micro
      2009-09-20 16:48 . 2009-09-20 16:48 -------- d-----w- C:\rsit
      2009-09-20 16:21 . 2009-09-20 16:21 -------- d-----w- c:\program files\VS Revo Group
      2009-09-18 19:01 . 2009-09-18 19:01 -------- d-----w- c:\documents and settings\CLEMENT\Local Settings\Application Data\HP
      2009-09-18 12:30 . 2009-09-18 12:30 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\Avira
      2009-09-18 12:17 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2009-09-18 12:17 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
      2009-09-18 12:17 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
      2009-09-18 12:17 . 2009-09-18 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
      2009-09-18 12:17 . 2009-09-18 12:17 -------- d-----w- c:\program files\Avira
      2009-09-16 17:53 . 2009-09-16 17:53 -------- d-----w- c:\windows\l2schemas
      2009-09-16 17:53 . 2009-09-16 17:53 -------- d-----w- c:\windows\system32\fr
      2009-09-16 17:53 . 2009-09-16 17:53 -------- d-----w- c:\windows\system32\bits
      2009-09-16 13:35 . 2009-09-16 13:35 -------- d-----w- c:\program files\Guitar Pro 5
      2009-09-05 17:45 . 2009-09-05 17:45 -------- d-----w- c:\documents and settings\LAURA\Local Settings\Application Data\Microsoft Help
      2009-09-05 15:32 . 2009-09-18 17:27 -------- d-----w- c:\documents and settings\LAURA\Tracing
      2009-09-03 15:34 . 2009-09-03 15:34 -------- d-----w- c:\windows\system32\drivers\umdf
      2009-08-29 19:23 . 2009-08-29 19:23 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\AVS4YOU
      2009-08-29 19:23 . 2009-08-29 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
      2009-08-29 19:22 . 2009-09-03 15:35 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
      2009-08-29 19:22 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
      2009-08-29 19:22 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
      2009-08-29 19:22 . 2009-09-03 15:35 -------- d-----w- c:\program files\AVS4YOU
      2009-08-29 18:51 . 2009-08-29 18:51 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\VistaCodecs
      2009-08-29 18:50 . 2009-08-29 18:51 -------- d-----w- c:\program files\VistaCodecPack
      2009-08-29 18:49 . 2009-08-29 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\VistaCodecs
      2009-08-29 16:42 . 2009-08-29 16:42 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Local Settings\Application Data\WinAVI
      2009-08-29 16:42 . 2009-08-29 17:10 -------- d-----w- c:\program files\WinAVI Video Converter
      2009-08-29 16:09 . 2009-08-29 16:09 70144 ----a-w- c:\windows\system32\drivers\qrppcqbwqwkutoic.sys
      2009-08-27 09:16 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
      2009-08-27 08:05 . 2009-08-27 08:05 -------- d-----w- c:\windows\system32\XPSViewer
      2009-08-27 08:05 . 2009-08-27 08:05 -------- d-----w- c:\program files\Reference Assemblies
      2009-08-27 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
      2009-08-27 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
      2009-08-27 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
      2009-08-27 08:02 . 2009-08-27 08:02 -------- d-----w- c:\program files\MSXML 6.0
      2009-08-26 20:06 . 2009-08-26 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-25 14:02 . 2009-01-17 15:08 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\HPAppData
      2009-09-25 13:19 . 2003-04-24 12:00 90268 ----a-w- c:\windows\system32\perfc00C.dat
      2009-09-25 13:19 . 2003-04-24 12:00 525742 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-23 13:50 . 2009-01-27 16:32 -------- d-----w- c:\documents and settings\CLEMENT\Application Data\HPAppData
      2009-09-22 15:38 . 2009-01-27 16:54 115184 ----a-w- c:\documents and settings\ROMANE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-21 15:18 . 2009-01-27 16:27 115184 ----a-w- c:\documents and settings\CLEMENT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-21 09:02 . 2009-01-16 10:46 115184 ----a-w- c:\documents and settings\BEA ET PATRICK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-21 08:48 . 2009-01-16 10:04 23032 ----a-w- c:\windows\system32\emptyregdb.dat
      2009-09-20 16:15 . 2009-01-17 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-09-18 17:27 . 2009-02-24 16:22 115184 ----a-w- c:\documents and settings\LAURA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-18 12:14 . 2009-01-17 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-09-17 18:35 . 2009-01-16 10:14 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-09-17 18:15 . 2009-03-17 17:18 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\FrostWire
      2009-09-17 17:11 . 2009-01-18 17:25 -------- d-----w- c:\program files\eMule
      2009-09-11 09:47 . 2009-01-16 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-09-05 17:45 . 2009-02-24 16:26 -------- d-----w- c:\documents and settings\LAURA\Application Data\HPAppData
      2009-08-31 15:15 . 2009-01-27 16:59 -------- d-----w- c:\documents and settings\ROMANE\Application Data\HPAppData
      2009-08-30 16:52 . 2009-03-21 09:57 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\dvdcss
      2009-08-27 09:19 . 2009-05-02 11:49 -------- d-----w- c:\documents and settings\BEA ET PATRICK\Application Data\vlc
      2009-08-27 08:05 . 2009-01-16 20:53 -------- d-----w- c:\program files\MSBuild
      2009-08-26 20:17 . 2009-02-13 14:01 -------- d-----w- c:\program files\Windows Desktop Search
      2009-08-26 08:17 . 2009-04-29 15:04 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2009-08-25 09:44 . 2009-08-25 09:43 -------- d-----w- c:\program files\Pinnacle
      2009-08-19 16:35 . 2009-06-05 16:54 -------- d-----w- c:\program files\Windows Live
      2009-08-19 16:34 . 2009-08-19 16:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2009-08-19 16:33 . 2009-01-28 09:17 -------- d-----w- c:\program files\MSN Messenger
      2009-08-19 16:33 . 2009-08-19 16:33 -------- d-----w- c:\program files\Microsoft
      2009-08-19 16:32 . 2009-08-19 16:32 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-08-19 07:57 . 2009-06-05 16:54 -------- d-----w- c:\program files\Messenger Plus! Live
      2009-08-07 18:17 . 2009-08-07 18:17 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
      2009-08-05 17:26 . 2009-08-05 17:26 -------- d-----w- c:\program files\TechCity Solutions
      2009-08-05 17:26 . 2009-08-05 17:22 -------- d-----w- c:\program files\Alice
      2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
      2009-07-17 18:56 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-12 10:21 . 2009-01-16 10:40 233472 ------w- c:\windows\system32\wmpdxm.dll
      2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
      2009-06-29 01:32 . 2009-06-29 01:32 85504 ----a-w- c:\windows\system32\ff_vfw.dll
      2009-03-19 18:26 . 2009-03-19 18:26 56 --sh--r- c:\windows\system32\7B17252C37.sys
      2009-03-19 18:26 . 2009-03-19 18:26 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
      .

      ------- Sigcheck -------

      [7] 2008-04-14 02:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\mspmsnsv.dll
      [7] 2008-04-14 02:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\mspmsnsv.dll
      [7] 2008-04-14 02:33 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
      [-] 2006-08-24 20:30 . 482069CDA24AA0E94B1351E30EB3D01F . 27648 . . [11.0.5705.5043] . . c:\windows\system32\mspmsnsv.dll
      [7] 2004-08-19 15:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
      [7] 2004-08-19 15:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
      [7] 2004-08-19 15:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\mspmsnsv.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
      "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk
      backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Rainlendar2"=c:\program files\Rainlendar2\Rainlendar2.exe
      "ctfmon.exe"=c:\windows\system32\ctfmon.exe
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
      "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
      "SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
      "InCD"=c:\program files\Ahead\InCD\InCD.exe
      "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
      "nwiz"=nwiz.exe /install
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      "AliceSAV"=c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "d:\\StubInstaller.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule entrant
      "4672:UDP"= 4672:UDP:emule sortant

      R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [18/09/2009 14:17 194817]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/09/2009 14:17 108289]
      R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [18/09/2009 14:17 434945]
      R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [30/01/2009 12:23 603904]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contenu du dossier 'Tâches planifiées'

      2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2009-09-25 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]
      .
      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
      FF - ProfilePath - c:\documents and settings\BEA ET PATRICK\Application Data\Mozilla\Firefox\Profiles\h0pfpcdl.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms}
      FF - prefs.js: browser.search.selectedEngine - ecouter-la-radio Customized Web Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=2&q=
      FF - component: c:\documents and settings\BEA ET PATRICK\Application Data\Mozilla\Firefox\Profiles\h0pfpcdl.default\extensions\{6e454792-2f36-46d3-bb20-4be949b6fb8a}\components\FFExternalAlert.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
      FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-25 16:08
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'lsass.exe'(964)
      c:\program files\Avira\AntiVir Desktop\avsda.dll

      - - - - - - - > 'explorer.exe'(2384)
      c:\program files\Windows Desktop Search\deskbar.dll
      c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
      c:\program files\Windows Desktop Search\dbres.dll
      c:\program files\Windows Desktop Search\wordwheel.dll
      c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
      c:\program files\Windows Desktop Search\msnlExtRes.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Heure de fin: 2009-09-25 16:10
      ComboFix-quarantined-files.txt 2009-09-25 14:10
      ComboFix2.txt 2009-09-25 13:51

      Avant-CF: 8 984 248 320 octets libres
      Après-CF: 8 969 519 104 octets libres

      Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
      281 --- E O F --- 2009-09-25 13:00
      0
  12. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    le script n'a pas fonctionner en va faire autrement

    ---> Télécharge OTM sur ton Bureau :
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Fais un clic droit sur OTM et choisis Exécuter en tant qu'administrateur.
    Copie le texte ci-dessous dans le cadre Paste Instructions for Items to be Moved, ensuite clic sur le bouton MoveIt! puis ferme OTM.

    :processes
    explorer.exe

    :files
    c:\windows\NV908920.TMP"
    c:\windows\SET32.tmp"
    c:\windows\SET70.tmp"
    c:\windows\System32\1.tmp"
    c:\windows\System32\2.tmp"
    c:\windows\System32\4E.tmp"
    c:\windows\System32\CF7883.exe"
    c:\windows\System32\FM2032.dll"

    :commands
    [emptytemp]
    [start explorer]
    [reboot]
    0
    1. bibi270
       
      ========== PROCESSES ==========
      No active process named explorer.exe was found!
      ========== FILES ==========
      Folder move failed. c:\windows\NV908920.TMP scheduled to be moved on reboot.
      File/Folder c:\windows\SET32.tmp" not found.
      File/Folder c:\windows\SET70.tmp" not found.
      File/Folder c:\windows\System32\1.tmp" not found.
      File/Folder c:\windows\System32\2.tmp" not found.
      File/Folder c:\windows\System32\4E.tmp" not found.
      File/Folder c:\windows\System32\CF7883.e not found.

      OTM by OldTimer - Version 3.0.0.6 log created on 09262009_085853
      0
  13. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    un nouveau rapport rsit stp
    0
    1. bibi270
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by BEA ET PATRICK at 2009-09-26 13:42:26
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 8 GB (20%) free of 40 GB
      Total RAM: 2047 MB (69% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:42:37, on 26/09/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\BEA ET PATRICK\Bureau\RSIT.exe
      C:\Program Files\trend micro\BEA ET PATRICK.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
      O20 - Winlogon Notify: f09cf21e669 - C:\WINDOWS\
      O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
      0
  14. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    pour nettoyer les fix qui ont servit

    Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
    http://pc-system.fr/

    Double clique sur ToolsCleaner2.exe >
    puis Recherche
    et sur Suppression
    Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    tu poste le rapport générer après suppression
    0
    1. bibi270
       
      [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:

      C:\Documents and Settings\BEA ET PATRICK\Bureau\ComboFix.exe: trouvé !

      ---------------------------------
      --> Suppression:

      C:\Documents and Settings\BEA ET PATRICK\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!

      C'est le resultat apres une deuxieme suppession car j"ai oublie de faire un copier coller au premeir rapport
      il m'indiquait tous les autres fixes supprimes.

      Excuses moi pour ce premier rapport
      0
  15. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    c'est rien

    combofix et toolscleane tu les supprime avec un avec un clic droit et tu fait supprimer après avoir passer ccleaner et un redémarrage

    tu va télécharger Ccleaner https://www.ccleaner.com/ccleaner/download

    ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."

    . Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
    Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
    . Tu refais tous ca 4-5 fois (le nettoyage et le registre).

    Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".

    içi mode d'emploi pour ccleaner

    https://www.malekal.com/tutoriel-ccleaner/
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      NETTOYAGE COMPLET - (3.662 secs)
      ------------------------------------------------------------------------------------------
      0 bytes supprimés.
      ------------------------------------------------------------------------------------------
      0
  16. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    ok

    je te propose de regarder cet article pour voir si sa t'intéresse moi je te le conseille

    https://sebsauvage.net/logiciels/firefox.html

    ----------après

    va ici pour faire un scan antivirus en ligne pour finaliser le nettoyage et de détecter si ta des faille de sécurité

    https://www.trendmicro.com/en_us/forHome/products/housecall.html
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      HouseCall - Scan et nettoyage terminés

      HouseCall a détecté et supprimé des menaces potentielles de votre ordinateur. Veillez à exécuter HouseCall une fois par semaine pour protéger votre PC contre les virus et programmes malveillants.

      Je l'ai passé 2 fois car il avait trouvé quelque chose.
      A+
      0
  17. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    bye bye
    0
    1. bibi270 Messages postés 36 Statut Membre
       
      encore mille fois merci et bonne continuation
      0