Analyse de rapport RSIT

############################## | UsbFix V6.052 |

User : Administrateur (Administrateurs) # NOM-FB9B15D2723
Update on 13/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:36:05 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG 0.0 [ (!) Disabled | (!) Outdated ]
AV : Microsoft Security Essentials 2.0.6212.0 [ Enabled | Updated ]
FW : PC Tools Firewall Plus[ Enabled ]6.0.0

C:\ -> Disque fixe local # 142,38 Go (101,92 Go free) [PRESARIO] # NTFS
D:\ -> Disque fixe local # 6,66 Go (1,25 Go free) [PRESARIO_RP] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible # 1,86 Go (1,63 Go free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 940
C:\WINDOWS\system32\csrss.exe 1228
C:\WINDOWS\system32\winlogon.exe 1352
C:\WINDOWS\system32\services.exe 1492
C:\WINDOWS\system32\lsass.exe 1528
C:\WINDOWS\system32\nvsvc32.exe 1768
C:\WINDOWS\system32\svchost.exe 1860
C:\WINDOWS\system32\svchost.exe 1948
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe 264
C:\WINDOWS\System32\svchost.exe 296
C:\WINDOWS\system32\svchost.exe 580
C:\WINDOWS\system32\spoolsv.exe 1220
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe 396
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe 712
C:\WINDOWS\system32\svchost.exe 752
C:\Program Files\Microsoft Security Essentials\msseces.exe 804
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe 812
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 684
C:\WINDOWS\arservice.exe 1348
C:\WINDOWS\eHome\ehRecvr.exe 1364
C:\WINDOWS\eHome\ehSched.exe 472
C:\Program Files\Java\jre6\bin\jqs.exe 568
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe 1280
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe 1936
C:\WINDOWS\system32\lxducoms.exe 836
C:\Program Files\PC Tools Firewall Plus\FWService.exe 1452
C:\WINDOWS\system32\svchost.exe 1556
C:\WINDOWS\system32\svchost.exe 172
C:\WINDOWS\ehome\mcrdsvc.exe 2128
C:\WINDOWS\system32\dllhost.exe 2472
C:\WINDOWS\System32\alg.exe 2024
C:\WINDOWS\System32\svchost.exe 3528
C:\HP\KBD\KBD.EXE 2052
c:\windows\system\hpsysdrv.exe 304
C:\Program Files\Java\jre6\bin\jusched.exe 2652
C:\WINDOWS\system32\Drwtsn32.exe 3420
C:\WINDOWS\system32\Drwtsn32.exe 2948
C:\WINDOWS\explorer.exe 2988
C:\Program Files\Opera\opera.exe 2772
C:\WINDOWS\system32\wbem\wmiprvse.exe 3256

################## | Fichiers # Dossiers infectieux |

C:\comment.htt
D:\comment.htt

################## | Registre # Clés Run infectieuses |

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

################## | Registre # Mountpoints2 |


################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.052 ! |

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-11-14 19:05:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 104 GB (72%) free of 146 GB
Total RAM: 3006 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:46, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\ANALYSEUR DE RAPPORTS\RSIT.exe
C:\Program Files\Trend Micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Anti-Autorun-inf.lnk = C:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - https://www.bitdefender.com/toolbox/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

impossible de faire la mise a jour il me dit initialyze failed et avant en dezippant error internal date seting

VOILA j ai suprimé J AI KASPERSKY VIRUS REMOVAL TOOL sur une clé usb ça peut le faire ?

desolé mais y a pas une autre solution ? le scan prend fin a minuit donc je l ai stoppé

JE TE PRESENTE MES EXCUSE J AVAI S LANCER UNE DISCUSSION DIMANCHE DERNIER ET VU QUE J AVAIS PAS DE REPONSE J en ai lancé une autre c une maladresse de ma part je m en excuse encore

impossible a telecharger 403 forbiden

impossible de le telecharger il me met erreur 403 forbiden

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=80dab6f8101211469535e24d1fdabb7d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-11-16 10:26:37
# local_time=2009-11-16 11:26:37 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 64754 64754 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 100 100 7791 13020172 0 0
# compatibility_mode=8192 67108863 100 0 4034 4034 0 0
# scanned=152349
# found=2
# cleaned=0
# scan_time=3343
C:\Documents and Settings\Administrateur\Bureau\reparation et desinfection\pca\pca.exe probably unknown NewHeur_PE virus 359087D9931FF0EF5693D4123246D600 I
C:\Program Files\Piratrax\uninstall.exe probably unknown NewHeur_PE virus 1DA5A9C6000F2F33867715929C1D9A52 I

grand merci super bonne journée