Virus or not virus
Lysiane
jlpjlp, Posts: 52399, Status: Security contributor
Hello,
I have a problem with my PC: it crashes quite often, I recently caught a worm (Bagle), and for the past few days I haven't even had internet access. It's really a nightmare.
I have Windows XP; as for the PC's configuration and other information, I have no idea.
I ran a HijackThis scan as well as one with RSIT; I don't know which one will be better, so I'm posting both.
Thanks to whoever can help me.
HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:49, on 03/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lysiane\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Win32] msnsrv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32] msnsrv.exe (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - http://f005.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - https://asp.photoprintit.de/microsite/12765/defaults/activex/ips/IPSUploader4.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://www.leaderphoto.com/uploaders/aurigma_4_7_16/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AACCF4F-6748-4033-B798-72B78FAFD28D}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 7497 bytes
RSIT scan:
log.txt file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lysiane at 2010-02-03 21:49:11
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 4 GB (20%) free of 20 GB
Total RAM: 1023 MB (53% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
C:\Program Files\ATnotes\ATnotes.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2003-10-26 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cloneur Expert Monitor]
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
D:\gérald\nuvi 360t\gStart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2005-04-12 1383936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2004-10-21 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft (R) Windows TCP/IP Socket Driver]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msconfig38]
mssvcc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secures23]
mssecure.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spooler SubSystem App]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPbubble]
C:\Program Files\Nosibay\VPbubble\launcher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2010-01-23 777424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows File Migration Wizard]
HIMENSYST.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\Program Files\AOL 9.0\aoltray.exe -check []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
C:\PROGRA~1\Belkin\LOGICI~1\BTTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Craft ROBO Status Supervisor.lnk]
C:\PROGRA~1\CRAFTR~1\CRSSUP~1.EXE [2006-07-14 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-10-28 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-09-29 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\system32\srrst
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\Offline Web Pages\explorer.exe"="C:\WINDOWS\Offline Web Pages\explorer.exe:*:Enabled:Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe"="C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\Offline Web Pages\explorer.exe"="C:\WINDOWS\Offline Web Pages\explorer.exe:*:Enabled:Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe"="C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bf6bd4-39b4-11dc-a413-000c76596314}]
shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b91b9b6-5291-11de-a7ed-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b91b9b7-5291-11de-a7ed-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95b8f75e-b515-11da-a1a5-000c76596314}]
shell\AutoRun\command - q1alx.exe
shell\open\command - q1alx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd033ee2-fa17-11dd-a778-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
======List of files/folders created in the last 1 months======
2010-02-03 21:49:11 ----D---- C:\rsit
2010-02-01 21:20:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 15:41:10 ----A---- C:\Log.txt
2010-01-30 12:03:33 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-01-30 12:03:07 ----D---- C:\WINDOWS\system32\Cache
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\snprfdll.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\regtrace.exe
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\fcachdll.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\adsiisex.dll
2010-01-30 12:02:39 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2010-01-30 12:02:38 ----A---- C:\WINDOWS\system32\w3svapi.dll
2010-01-30 12:02:38 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2010-01-30 12:02:37 ----A---- C:\WINDOWS\system32\axperf.ini
2010-01-30 12:02:37 ----A---- C:\WINDOWS\system32\aspperf.dll
2010-01-30 12:02:36 ----A---- C:\WINDOWS\system32\iisrstap.dll
2010-01-30 12:02:36 ----A---- C:\WINDOWS\system32\iisreset.exe
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\wamregps.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\infoctrs.ini
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\inetsloc.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\iismui.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\infoctrs.dll
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\convlog.exe
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\admxprox.dll
2010-01-30 12:00:56 ----D---- C:\Inetpub
2010-01-30 11:44:39 ----D---- C:\Program Files\Trend Micro
2010-01-30 10:16:14 ----D---- C:\SCRABBLE.99
2010-01-30 10:16:14 ----D---- C:\Program Files\PC SCRABBLE 99
2010-01-30 10:16:13 ----D---- C:\Program Files\Alwil Software
2010-01-30 10:14:58 ----DC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-30 10:14:43 ----DC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:28:12 ----D---- C:\Documents and Settings\All Users\Application Data\Scrabble2009
2010-01-13 19:22:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-01-13 19:22:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-01-13 19:22:41 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-13 19:22:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-01-13 19:22:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-01-13 19:22:39 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-01-13 19:22:39 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-01-13 19:22:38 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-01-13 19:22:37 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-01-13 19:22:36 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-01-13 19:22:36 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-01-13 19:22:34 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-01-13 19:21:06 ----D---- C:\Program Files\Ubisoft
2010-01-13 18:10:21 ----D---- C:\directx
2010-01-12 18:45:19 ----D---- C:\Program Files\PopCap Games adventures
======List of files/folders modified in the last 1 months======
2010-02-03 21:49:17 ----D---- C:\WINDOWS\Prefetch
2010-02-03 21:07:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-03 20:53:01 ----D---- C:\WINDOWS\Temp
2010-02-02 22:58:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 21:24:40 ----D---- C:\WINDOWS
2010-02-01 21:21:14 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 21:21:12 ----D---- C:\WINDOWS\system32
2010-02-01 20:29:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-01 19:50:19 ----D---- C:\WINDOWS\Registration
2010-02-01 18:12:17 ----D---- C:\WINDOWS\Debug
2010-02-01 18:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-01 12:50:50 ----SHD---- C:\WINDOWS\CSC
2010-02-01 12:47:44 ----AD---- C:\Program Files
2010-01-30 15:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-30 15:00:02 ----HD---- C:\WINDOWS\inf
2010-01-30 13:26:27 ----D---- C:\WINDOWS\system32\ias
2010-01-30 13:26:22 ----AC---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt
2010-01-30 13:26:22 ----AC---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs #2.txt
2010-01-30 12:26:29 ----D---- C:\WINDOWS\ie8updates
2010-01-30 12:17:30 ----D---- C:\WINDOWS\security
2010-01-30 12:16:09 ----HD---- C:\Config.Msi
2010-01-30 12:16:08 ----SHD---- C:\WINDOWS\Installer
2010-01-30 12:16:08 ----D---- C:\Program Files\Fichiers communs
2010-01-30 12:14:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-30 12:14:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-30 12:14:48 ----D---- C:\Program Files\Internet Explorer
2010-01-30 12:13:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-30 12:01:02 ----D---- C:\WINDOWS\Help
2010-01-30 11:58:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-30 11:58:19 ----D---- C:\Garmin
2010-01-30 10:25:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-30 10:17:37 ----D---- C:\WINDOWS\system32\config
2010-01-30 10:17:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-30 10:16:41 ----D---- C:\WINDOWS\AppPatch
2010-01-30 10:15:39 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-30 09:56:53 ----D---- C:\WINDOWS\network diagnostic
2010-01-30 03:00:37 ----SD---- C:\WINDOWS\Tasks
2010-01-29 21:02:06 ----D---- C:\images
2010-01-24 14:46:05 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-01-23 12:16:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-23 11:37:57 ----SHD---- C:\System Volume Information
2010-01-23 11:37:57 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 09:40:04 ----D---- C:\WINDOWS\WinSxS
2010-01-23 09:13:13 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 09:09:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-23 09:04:17 ----D---- C:\Program Files\Windows Media Player
2010-01-22 13:17:58 ----D---- C:\Program Files\MSN Messenger
2010-01-22 13:16:32 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-13 19:22:43 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-13 19:22:24 ----D---- C:\WINDOWS\system32\DirectX
2010-01-09 10:19:39 ----ASH---- C:\boot.ini
2010-01-09 10:19:39 ----A---- C:\WINDOWS\win.ini
2010-01-09 10:19:39 ----A---- C:\WINDOWS\system.ini
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 01:40:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-04-12 29056]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-03 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2003-09-15 9728]
R2 Par1284;Par1284; \??\C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Program\Par1284.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-09-29 800256]
R3 bcm4sbxp;MSI/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-04-12 99456]
S1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-04-12 28160]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 wzghui;wzghui; \??\C:\WINDOWS\system32\wzghui.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2002-06-06 36048]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-06-25 743136]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\System32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [2005-08-24 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-09-29 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-09-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-09-06 28256]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2004-06-03 20352]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC); C:\WINDOWS\system32\DRIVERS\SMCWGU.sys [2005-12-16 408064]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-07-13 33890]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2005-10-27 54784]
R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-04-12 869376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-04-12 869376]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-09-29 405504]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
-----------------EOF-----------------
info.txt file:
info.txt logfile of random's system information tool 1.06 2010-02-03 21:49:30
======Uninstall list======
-(/'|'\)- DivX 5.0.5 Pro Video Codec -(/'|'\)--->C:\WINDOWS\System32\rundll32.exe setupapi.dll,InstallHinfSection Remove_Mpeg_NT 132 C:\WINDOWS\INF\divx50.inf
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\unmrw.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.0.4 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.0.4\uninstall.exe"
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bookworm Adventures Deluxe 1.0.1.100-->C:\Program Files\PopCap Games adventures\Bookworm Adventures Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games adventures\Bookworm Adventures Deluxe\Install.log"
BookWorm-->"C:\Program Files\PopCap Games\BookWorm\Uninstall.exe" "C:\Program Files\PopCap Games\BookWorm\install.log"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe 1.0-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Craft ROBO Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97D52BC9-D904-413F-A0F7-E3EE4C95B623}\setup.exe" -l0x40c -uninst -removeonly
Craft ROBO Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4969B36-52D2-4624-A453-00DB6B7A18D8}\setup.exe" -l0x40c -uninst -removeonly
Cutting Master 2 for CraftROBO 1.10-->"C:\WINDOWS\IsUn040c.exe" -f"C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Uninst.isu" -c"C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Program\Uninstall.dll"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\System32\OggDSuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Garmin POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E4AE58-748D-4983-9B8A-495E2341769F}\setup.exe" -l0x40c
Garmin POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD57DF8-1A63-43E0-9B7A-CC4040B730B8}\setup.exe" -l0x40c
HP Extended Capabilities 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Kit d'installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C650676-CDDB-42C0-8D11-3EEB7F791F99}\setup.exe" -l0x40c -eth
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech SetPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c
Luxor 2 en-->"C:\Program Files\BoontyGames\Luxor 2\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! pour Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
MON UNIVERS CORAPHOTOS-->"C:\Program Files\CORA\MON UNIVERS CORAPHOTOS\uninstall.exe"
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
On2 VP3 Video for Windows Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Photo-Objects 3 000 Premium Image Collection-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hemera Photo-Objects 3 000\Uninst.isu"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
ROBO Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FCCFF72-52AB-4204-9A24-8CFED3A81FF6}\setup.exe" -l0x9 -uninst -removeonly
ROBO Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E8FA6E-931D-4755-82DA-DB93CE1F238C}\setup.exe" -l0x40c -uninst -removeonly
SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Scrabble™ Interactive 2009 Edition-->"C:\Program Files\Ubisoft\Scrabble2009\unins000.exe"
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! III-->C:\WINDOWS\iun6002.exe "D:\Super Collapse! III\irunin.ini"
Text Express-->"C:\Program Files\Zylom Games\Text Express\Uninstall.exe" "C:\Program Files\Zylom Games\Text Express\install.log"
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wallpaper SPZ-->"C:\WINDOWS\Wallpaper SPZ\uninstall.exe" "/U:C:\WINDOWS\Web\Wallpaper\Uninstall\uninstall.xml"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
Yahtzee Deluxe-->"C:\Program Files\Zylom Games\Yahtzee Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Zuma Deluxe RA-->C:\PROGRA~1\ZUMADE~1\UNWISE.EXE C:\PROGRA~1\ZUMADE~1\INSTALL.LOG
Zylom Games - Text Express Deluxe v1.4.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Zylom Games\Text Express Deluxe lyly2\Uninstall.ini"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
======Security center information======
AV: avast! antivirus 4.8.1368 [VPS 091230-0] (outdated)
======System event log======
Computer Name: LYSIANE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 53563
Source Name: EventLog
Time Written: 20091228083547.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 53562
Source Name: EventLog
Time Written: 20091228083547.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 53561
Source Name: EventLog
Time Written: 20091228021411.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 7036
Message: Le service Ati HotKey Poller est entré dans l'état : arrêté.
Record Number: 53560
Source Name: Service Control Manager
Time Written: 20091228021403.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.
Record Number: 53559
Source Name: Service Control Manager
Time Written: 20091227213132.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: LYSIANE
Event Code: 0
Message:
Record Number: 7618
Source Name: btwdins
Time Written: 20090705091457.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 105
Message: The service was started.
Record Number: 7617
Source Name: ATI Smart
Time Written: 20090705091455.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 4096
Message:
Record Number: 7616
Source Name: InCDsrvR
Time Written: 20090705091432.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 100
Message: The C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Error user loading hive C:\Documents and Settings\Lysiane\ntuser.dat
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus service was installed.
Record Number: 7615
Source Name: SNL HiveManager
Time Written: 20090704092106.000000+120
Event Type: Avertissement
User:
Computer Name: LYSIANE
Event Code: 1001
Message:
Record Number: 7614
Source Name: WgaSetup
Time Written: 20090704085251.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
There you go. Thanks again for your help.
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secures23]
mssecure.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spooler SubSystem App]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPbubble]
C:\Program Files\Nosibay\VPbubble\launcher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2010-01-23 777424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows File Migration Wizard]
HIMENSYST.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\Program Files\AOL 9.0\aoltray.exe -check []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
C:\PROGRA~1\Belkin\LOGICI~1\BTTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Craft ROBO Status Supervisor.lnk]
C:\PROGRA~1\CRAFTR~1\CRSSUP~1.EXE [2006-07-14 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-10-28 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-09-29 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\system32\srrst
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\Offline Web Pages\explorer.exe"="C:\WINDOWS\Offline Web Pages\explorer.exe:*:Enabled:Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe"="C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\Offline Web Pages\explorer.exe"="C:\WINDOWS\Offline Web Pages\explorer.exe:*:Enabled:Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe"="C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bf6bd4-39b4-11dc-a413-000c76596314}]
shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b91b9b6-5291-11de-a7ed-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b91b9b7-5291-11de-a7ed-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95b8f75e-b515-11da-a1a5-000c76596314}]
shell\AutoRun\command - q1alx.exe
shell\open\command - q1alx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd033ee2-fa17-11dd-a778-000c76596314}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
======List of files/folders created in the last 1 months======
2010-02-03 21:49:11 ----D---- C:\rsit
2010-02-01 21:20:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 15:41:10 ----A---- C:\Log.txt
2010-01-30 12:03:33 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2010-01-30 12:03:07 ----D---- C:\WINDOWS\system32\Cache
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\snprfdll.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\regtrace.exe
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\fcachdll.dll
2010-01-30 12:02:58 ----A---- C:\WINDOWS\system32\adsiisex.dll
2010-01-30 12:02:39 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2010-01-30 12:02:38 ----A---- C:\WINDOWS\system32\w3svapi.dll
2010-01-30 12:02:38 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2010-01-30 12:02:37 ----A---- C:\WINDOWS\system32\axperf.ini
2010-01-30 12:02:37 ----A---- C:\WINDOWS\system32\aspperf.dll
2010-01-30 12:02:36 ----A---- C:\WINDOWS\system32\iisrstap.dll
2010-01-30 12:02:36 ----A---- C:\WINDOWS\system32\iisreset.exe
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\wamregps.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\infoctrs.ini
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\inetsloc.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\iismui.dll
2010-01-30 12:02:35 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\infoctrs.dll
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\convlog.exe
2010-01-30 12:02:34 ----A---- C:\WINDOWS\system32\admxprox.dll
2010-01-30 12:00:56 ----D---- C:\Inetpub
2010-01-30 11:44:39 ----D---- C:\Program Files\Trend Micro
2010-01-30 10:16:14 ----D---- C:\SCRABBLE.99
2010-01-30 10:16:14 ----D---- C:\Program Files\PC SCRABBLE 99
2010-01-30 10:16:13 ----D---- C:\Program Files\Alwil Software
2010-01-30 10:14:58 ----DC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-30 10:14:43 ----DC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:28:12 ----D---- C:\Documents and Settings\All Users\Application Data\Scrabble2009
2010-01-13 19:22:49 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-01-13 19:22:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-01-13 19:22:41 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-13 19:22:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-01-13 19:22:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-01-13 19:22:39 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-01-13 19:22:39 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-01-13 19:22:38 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-01-13 19:22:37 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-01-13 19:22:36 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-01-13 19:22:36 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-01-13 19:22:34 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-01-13 19:21:06 ----D---- C:\Program Files\Ubisoft
2010-01-13 18:10:21 ----D---- C:\directx
2010-01-12 18:45:19 ----D---- C:\Program Files\PopCap Games adventures
======List of files/folders modified in the last 1 months======
2010-02-03 21:49:17 ----D---- C:\WINDOWS\Prefetch
2010-02-03 21:07:47 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-03 20:53:01 ----D---- C:\WINDOWS\Temp
2010-02-02 22:58:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 21:24:40 ----D---- C:\WINDOWS
2010-02-01 21:21:14 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 21:21:12 ----D---- C:\WINDOWS\system32
2010-02-01 20:29:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-01 19:50:19 ----D---- C:\WINDOWS\Registration
2010-02-01 18:12:17 ----D---- C:\WINDOWS\Debug
2010-02-01 18:08:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-01 12:50:50 ----SHD---- C:\WINDOWS\CSC
2010-02-01 12:47:44 ----AD---- C:\Program Files
2010-01-30 15:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-30 15:00:02 ----HD---- C:\WINDOWS\inf
2010-01-30 13:26:27 ----D---- C:\WINDOWS\system32\ias
2010-01-30 13:26:22 ----AC---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt
2010-01-30 13:26:22 ----AC---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs #2.txt
2010-01-30 12:26:29 ----D---- C:\WINDOWS\ie8updates
2010-01-30 12:17:30 ----D---- C:\WINDOWS\security
2010-01-30 12:16:09 ----HD---- C:\Config.Msi
2010-01-30 12:16:08 ----SHD---- C:\WINDOWS\Installer
2010-01-30 12:16:08 ----D---- C:\Program Files\Fichiers communs
2010-01-30 12:14:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-30 12:14:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-30 12:14:48 ----D---- C:\Program Files\Internet Explorer
2010-01-30 12:13:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-30 12:01:02 ----D---- C:\WINDOWS\Help
2010-01-30 11:58:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-30 11:58:19 ----D---- C:\Garmin
2010-01-30 10:25:28 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-30 10:17:37 ----D---- C:\WINDOWS\system32\config
2010-01-30 10:17:08 ----D---- C:\WINDOWS\system32\wbem
2010-01-30 10:16:41 ----D---- C:\WINDOWS\AppPatch
2010-01-30 10:15:39 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-30 09:56:53 ----D---- C:\WINDOWS\network diagnostic
2010-01-30 03:00:37 ----SD---- C:\WINDOWS\Tasks
2010-01-29 21:02:06 ----D---- C:\images
2010-01-24 14:46:05 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-01-23 12:16:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-23 11:37:57 ----SHD---- C:\System Volume Information
2010-01-23 11:37:57 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 09:40:04 ----D---- C:\WINDOWS\WinSxS
2010-01-23 09:13:13 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 09:09:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-23 09:04:17 ----D---- C:\Program Files\Windows Media Player
2010-01-22 13:17:58 ----D---- C:\Program Files\MSN Messenger
2010-01-22 13:16:32 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-13 19:22:43 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-13 19:22:24 ----D---- C:\WINDOWS\system32\DirectX
2010-01-09 10:19:39 ----ASH---- C:\boot.ini
2010-01-09 10:19:39 ----A---- C:\WINDOWS\win.ini
2010-01-09 10:19:39 ----A---- C:\WINDOWS\system.ini
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 01:40:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-04-12 29056]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-03 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2003-09-15 9728]
R2 Par1284;Par1284; \??\C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Program\Par1284.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-09-29 800256]
R3 bcm4sbxp;MSI/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-04-12 99456]
S1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-04-12 28160]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 wzghui;wzghui; \??\C:\WINDOWS\system32\wzghui.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2002-06-06 36048]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-06-25 743136]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\System32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [2005-08-24 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-09-29 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-09-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-09-06 28256]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\System32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2004-06-03 20352]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC); C:\WINDOWS\system32\DRIVERS\SMCWGU.sys [2005-12-16 408064]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-07-13 33890]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2005-10-27 54784]
R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-04-12 869376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-04-12 869376]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-09-29 405504]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
-----------------EOF-----------------
info.txt file:
info.txt logfile of random's system information tool 1.06 2010-02-03 21:49:30
======Uninstall list======
-(/'|'\)- DivX 5.0.5 Pro Video Codec -(/'|'\)--->C:\WINDOWS\System32\rundll32.exe setupapi.dll,InstallHinfSection Remove_Mpeg_NT 132 C:\WINDOWS\INF\divx50.inf
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\unmrw.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.0.4 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.0.4\uninstall.exe"
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bookworm Adventures Deluxe 1.0.1.100-->C:\Program Files\PopCap Games adventures\Bookworm Adventures Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games adventures\Bookworm Adventures Deluxe\Install.log"
BookWorm-->"C:\Program Files\PopCap Games\BookWorm\Uninstall.exe" "C:\Program Files\PopCap Games\BookWorm\install.log"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe 1.0-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Craft ROBO Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97D52BC9-D904-413F-A0F7-E3EE4C95B623}\setup.exe" -l0x40c -uninst -removeonly
Craft ROBO Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4969B36-52D2-4624-A453-00DB6B7A18D8}\setup.exe" -l0x40c -uninst -removeonly
Cutting Master 2 for CraftROBO 1.10-->"C:\WINDOWS\IsUn040c.exe" -f"C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Uninst.isu" -c"C:\Program Files\Cutting Master 2 for CraftROBO 1.10\Program\Uninstall.dll"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\System32\OggDSuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Garmin POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E4AE58-748D-4983-9B8A-495E2341769F}\setup.exe" -l0x40c
Garmin POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD57DF8-1A63-43E0-9B7A-CC4040B730B8}\setup.exe" -l0x40c
HP Extended Capabilities 5.3-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Kit d'installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C650676-CDDB-42C0-8D11-3EEB7F791F99}\setup.exe" -l0x40c -eth
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech SetPoint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x40c
Luxor 2 en-->"C:\Program Files\BoontyGames\Luxor 2\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! pour Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
MON UNIVERS CORAPHOTOS-->"C:\Program Files\CORA\MON UNIVERS CORAPHOTOS\uninstall.exe"
MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
On2 VP3 Video for Windows Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Photo-Objects 3 000 Premium Image Collection-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hemera Photo-Objects 3 000\Uninst.isu"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
ROBO Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FCCFF72-52AB-4204-9A24-8CFED3A81FF6}\setup.exe" -l0x9 -uninst -removeonly
ROBO Master-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E8FA6E-931D-4755-82DA-DB93CE1F238C}\setup.exe" -l0x40c -uninst -removeonly
SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Scrabble™ Interactive 2009 Edition-->"C:\Program Files\Ubisoft\Scrabble2009\unins000.exe"
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! III-->C:\WINDOWS\iun6002.exe "D:\Super Collapse! III\irunin.ini"
Text Express-->"C:\Program Files\Zylom Games\Text Express\Uninstall.exe" "C:\Program Files\Zylom Games\Text Express\install.log"
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wallpaper SPZ-->"C:\WINDOWS\Wallpaper SPZ\uninstall.exe" "/U:C:\WINDOWS\Web\Wallpaper\Uninstall\uninstall.xml"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
Yahtzee Deluxe-->"C:\Program Files\Zylom Games\Yahtzee Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Zuma Deluxe RA-->C:\PROGRA~1\ZUMADE~1\UNWISE.EXE C:\PROGRA~1\ZUMADE~1\INSTALL.LOG
Zylom Games - Text Express Deluxe v1.4.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Zylom Games\Text Express Deluxe lyly2\Uninstall.ini"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
======Security center information======
AV: avast! antivirus 4.8.1368 [VPS 091230-0] (outdated)
======System event log======
Computer Name: LYSIANE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 53563
Source Name: EventLog
Time Written: 20091228083547.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 53562
Source Name: EventLog
Time Written: 20091228083547.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 53561
Source Name: EventLog
Time Written: 20091228021411.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 7036
Message: Le service Ati HotKey Poller est entré dans l'état : arrêté.
Record Number: 53560
Source Name: Service Control Manager
Time Written: 20091228021403.000000+060
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 7036
Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.
Record Number: 53559
Source Name: Service Control Manager
Time Written: 20091227213132.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: LYSIANE
Event Code: 0
Message:
Record Number: 7618
Source Name: btwdins
Time Written: 20090705091457.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 105
Message: The service was started.
Record Number: 7617
Source Name: ATI Smart
Time Written: 20090705091455.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 4096
Message:
Record Number: 7616
Source Name: InCDsrvR
Time Written: 20090705091432.000000+120
Event Type: Informations
User:
Computer Name: LYSIANE
Event Code: 100
Message: The C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Error user loading hive C:\Documents and Settings\Lysiane\ntuser.dat
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus service was installed.
Record Number: 7615
Source Name: SNL HiveManager
Time Written: 20090704092106.000000+120
Event Type: Avertissement
User:
Computer Name: LYSIANE
Event Code: 1001
Message:
Record Number: 7614
Source Name: WgaSetup
Time Written: 20090704085251.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
There you go. Thanks again for your help.
Configuration: Windows XP Internet Explorer 8.0
5 replies
If you don't have internet access:
On another PC, run UsbFix with option 2 (cleaning), with all your external media plugged in, because your PC is infected via external media and transferring software will carry the infection to the other PCs.
Then download FindyKill from another PC.
Then transfer UsbFix and FindyKill to the infected PC, then paste a UsbFix cleaning report followed by a FindyKill option 1 report.
Note: to restore your connection: https://www.commentcamarche.net/faq/24781-reparer-sa-connexion-suite-a-une-infection-ou-une-desinfection
You run UsbFix with the removal option (2) on the non-infected PC that you use to download UsbFix and FindyKill, since the infected computer no longer has internet access.
Then you download FindyKill.
______________________
Next you transfer UsbFix and FindyKill to the INFECTED PC from a USB stick or a CD ...
and you run UsbFix option 2 on the infected PC and post the report,
then FindyKill option 1 on the infected PC, and you paste the report.
Hello,
I did as you told me, so I'm posting the UsbFix report.
The FindyKill scan is in progress and I'll post the report as soon as possible.
Thanks a lot for your help.
See you soon
Lysiane
############################## | UsbFix V6.091 |
User : Lysiane (Administrateurs) # LYSIANE
Update on 05/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:28:04 | 05/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) XP 2400+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 091230-0] 4.8.1368 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 19,53 Go (3,77 Go free) [WINDOWS] # NTFS
D:\ -> Disque fixe local # 92,25 Go (35,52 Go free) [SAUVEGARDE] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
################## | Elements infectieux |
Supprimé ! C:\log.txt
Supprimé ! C:\Recycler\S-1-5-21-1292428093-1788223648-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1292428093-1788223648-725345543-1003
################## | Registre |
Supprimé ! [HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Win32"
Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\Spooler SubSystem App]
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{16bf6bd4-39b4-11dc-a413-000c76596314}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6b91b9b6-5291-11de-a7ed-000c76596314}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6b91b9b7-5291-11de-a7ed-000c76596314}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{95b8f75e-b515-11da-a1a5-000c76596314}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bd033ee2-fa17-11dd-a778-000c76596314}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[12/05/2008 21:53|--a------|2] C:\-1535201604
[05/05/2005 15:33|--a------|0] C:\AUTOEXEC.BAT
[14/12/2003 21:31|--a------|102196] C:\bass.dll
[27/12/2009 20:16|--a------|192] C:\BcBtRmv.log
[17/07/2006 11:53|---hs----|195] C:\BOOT.BAK
[09/01/2010 10:19|--ahs----|212] C:\boot.ini
[28/08/2001 13:00|-rahs----|4952] C:\Bootfont.bin
[21/11/2003 21:11|--ah-----|49] C:\Config.dat
[05/05/2005 15:33|--a------|0] C:\CONFIG.SYS
[03/01/2009 11:47|--a------|0] C:\conmgr.log
[14/12/2003 21:31|--a------|902] C:\contentbox.gif
[14/12/2003 21:31|--a------|1285] C:\contentbox_bottom.gif
[14/12/2003 21:31|--a------|1241] C:\contentbox_top.gif
[14/12/2003 21:31|--a------|53] C:\empty.gif
[14/12/2003 21:31|--a------|224] C:\feedback.htm
[14/12/2003 21:31|--a------|101] C:\fill.gif
[14/12/2003 21:31|--a------|38543] C:\gameart.jpg
[?|?|?] C:\hiberfil.sys
[14/12/2003 21:31|--a------|150] C:\horzline.gif
[02/02/2010 22:38|--a------|525] C:\hpfr3420.xml
[02/02/2010 22:38|--a------|395614] C:\hpfr3425.log
[05/05/2005 15:33|-rahs----|0] C:\IO.SYS
[14/12/2003 21:31|--a------|287] C:\launch.ini
[14/12/2003 21:31|--a------|91] C:\mainimage_bottom.gif
[14/12/2003 21:31|--a------|741] C:\mainimage_left.gif
[14/12/2003 21:31|--a------|115] C:\mainimage_right.gif
[14/12/2003 21:31|--a------|95] C:\mainimage_top.gif
[14/12/2003 21:31|--a------|279] C:\meter_bottom.gif
[14/12/2003 21:31|--a------|191] C:\meter_left.gif
[14/12/2003 21:31|--a------|146] C:\meter_lowerleft.gif
[14/12/2003 21:31|--a------|149] C:\meter_lowerright.gif
[14/12/2003 21:31|--a------|192] C:\meter_right.gif
[14/12/2003 21:31|--a------|263] C:\meter_top.gif
[14/12/2003 21:31|--a------|149] C:\meter_upperleft.gif
[14/12/2003 21:31|--a------|147] C:\meter_upperright.gif
[05/05/2005 15:33|-rahs----|0] C:\MSDOS.SYS
[22/08/2006 11:59|-rahs----|47564] C:\NTDETECT.COM
[27/12/2008 23:14|-rahs----|252240] C:\ntldr
[14/12/2003 21:31|--a------|285] C:\osd212.osd
[13/06/2007 18:05|--a------|43325] C:\playground.log
[14/12/2003 21:31|--a------|14190] C:\pregame.htm
[14/12/2003 21:31|--a------|6561] C:\racnotinstalled.htm
[14/12/2003 21:31|--a------|27957] C:\readme.html
[14/12/2003 21:31|--a------|210] C:\setup.ini
[14/12/2003 21:31|--a------|49] C:\spacer.gif
[14/12/2003 21:34|--a------|57] C:\status.js
[14/12/2003 21:32|--a------|27587] C:\theUninstallFile.txt
[26/12/2008 09:58|--ahs----|25600] C:\Thumbs.db
[05/02/2010 17:31|--a------|5524] C:\UsbFix.txt
[14/12/2003 21:31|--a------|333] C:\wrapper.ini
[11/07/2009 08:17|--ahs----|79] D:\desktop.ini
[22/01/2010 13:18|--a------|804] D:\Mes dossiers de partage.lnk
[28/12/2009 01:55|--a------|412] D:\spider.sav
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix .
# D:\autorun.inf -> Dossier créé par UsbFix .
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_LYSIANE.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.091 ! |
[?|?|?] C:\hiberfil.sys
[14/12/2003 21:31|--a------|150] C:\horzline.gif
[02/02/2010 22:38|--a------|525] C:\hpfr3420.xml
[02/02/2010 22:38|--a------|395614] C:\hpfr3425.log
[05/05/2005 15:33|-rahs----|0] C:\IO.SYS
[14/12/2003 21:31|--a------|287] C:\launch.ini
[14/12/2003 21:31|--a------|91] C:\mainimage_bottom.gif
[14/12/2003 21:31|--a------|741] C:\mainimage_left.gif
[14/12/2003 21:31|--a------|115] C:\mainimage_right.gif
[14/12/2003 21:31|--a------|95] C:\mainimage_top.gif
[14/12/2003 21:31|--a------|279] C:\meter_bottom.gif
[14/12/2003 21:31|--a------|191] C:\meter_left.gif
[14/12/2003 21:31|--a------|146] C:\meter_lowerleft.gif
[14/12/2003 21:31|--a------|149] C:\meter_lowerright.gif
[14/12/2003 21:31|--a------|192] C:\meter_right.gif
[14/12/2003 21:31|--a------|263] C:\meter_top.gif
[14/12/2003 21:31|--a------|149] C:\meter_upperleft.gif
[14/12/2003 21:31|--a------|147] C:\meter_upperright.gif
[05/05/2005 15:33|-rahs----|0] C:\MSDOS.SYS
[22/08/2006 11:59|-rahs----|47564] C:\NTDETECT.COM
[27/12/2008 23:14|-rahs----|252240] C:\ntldr
[14/12/2003 21:31|--a------|285] C:\osd212.osd
[13/06/2007 18:05|--a------|43325] C:\playground.log
[14/12/2003 21:31|--a------|14190] C:\pregame.htm
[14/12/2003 21:31|--a------|6561] C:\racnotinstalled.htm
[14/12/2003 21:31|--a------|27957] C:\readme.html
[14/12/2003 21:31|--a------|210] C:\setup.ini
[14/12/2003 21:31|--a------|49] C:\spacer.gif
[14/12/2003 21:34|--a------|57] C:\status.js
[14/12/2003 21:32|--a------|27587] C:\theUninstallFile.txt
[26/12/2008 09:58|--ahs----|25600] C:\Thumbs.db
[05/02/2010 17:31|--a------|5524] C:\UsbFix.txt
[14/12/2003 21:31|--a------|333] C:\wrapper.ini
[11/07/2009 08:17|--ahs----|79] D:\desktop.ini
[22/01/2010 13:18|--a------|804] D:\Mes dossiers de partage.lnk
[28/12/2009 01:55|--a------|412] D:\spider.sav
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix .
# D:\autorun.inf -> Dossier créé par UsbFix .
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_LYSIANE.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.091 ! |
Hello, after resetting my Neuf Box I have Internet access again, so that problem is solved.
Here is the report, a little late:
############################## | FindyKill V5.031 |
# User : Lysiane (Administrateurs) # LYSIANE
# Update on 03/02/2010 by El Desaparecido
# Start at: 17:35:02 | 05/02/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# AMD Athlon(tm) XP 2400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1368 [VPS 091230-0] 4.8.1368 [ Enabled | (!) Outdated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,53 Go (3,76 Go free) [WINDOWS] # NTFS
# D:\ # Disque fixe local # 92,25 Go (35,52 Go free) [SAUVEGARDE] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 15,06 Go (11,43 Go free) [LYLY USB] # FAT32
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\Prefetch |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\DOCUME~1\Lysiane\APPLIC~1 |
################## | Zip File ... |
Thanks.
Scan with Malwarebytes: run a thorough scan, paste the resulting report, and remove whatever is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Paste a report from an online antivirus scan.
Hello,
Here is the MB report from the scan I ran on Sunday:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/02/2010 14:59:57
mbam-log-2010-02-07 (14-59-57).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 212120
Temps écoulé: 56 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I'll post the antivirus report soon.
Thanks.
Do I run UsbFix with the external storage devices plugged into the infected PC? Or on another PC, in order to disinfect the external storage devices?
I understood the second step.
Thanks