High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Virus TR/spy.Gen

Dernière réponse le 25 jan 2009 à 20:09:54 doussa, le 20 jan 2009 à 20:12:42 
 Signaler ce message aux modérateurs

Slt
je rencontre un probléme avec les virus et j'ai pas pu le résoudre j'utilise antivir comme antivirus et ad-Aware lorsque j'ai lancé l'analyse avec antivir il m'affiche que "c:\WINDOWS\system32\cryptdll.dll" est infecté par "TR/spy.Gen" j'utilise delete mais ce msg s'affiche tj et d'un grand nombre que je peut pas utiliser le pc normalement.
voulez vous m'aider merci

Configuration: Windows XP
Firefox 3.0.5

Posez votre question Répondre

1

jlpjlp, le 20 jan 2009 à 20:14:28

Slt

tu as le rapport antivir svp?


puis



Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

   
Répondre à jlpjlp

2

doussa, le 20 jan 2009 à 20:52:30

Voici le rapport d'antivir:
Avira AntiVir Personal
Report file date: mardi 20 janvier 2009 18:56

Scanning for 1234460 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: VISI0N-4812C7C6

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 15:41:51
ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 20/01/2009 17:42:47
ANTIVIR3.VDF : 7.1.1.149 2048 Bytes 20/01/2009 17:42:48
Engineversion : 8.2.0.57
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.26 340347 Bytes 19/01/2009 15:45:00
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 19/01/2009 15:44:55
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 19/01/2009 15:44:38
AEHEUR.DLL : 8.1.0.84 1540471 Bytes 19/01/2009 15:44:31
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/01/2009 15:43:35
AEGEN.DLL : 8.1.1.10 323957 Bytes 19/01/2009 15:43:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 19/01/2009 15:43:12
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 20 janvier 2009 18:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'VisualToolTip.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'ggoppp.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitchXP.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'mmm.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\cryptdll32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!

The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK1.tmp
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Saved\abd 7alim - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.2 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Saved\abd 7alim.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Saved\ayemi bik ilissa.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Saved\charles aznavour.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.2 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\cryptdll32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'


End of the scan: mardi 20 janvier 2009 20:09
Used time: 1:13:34 Hour(s)

The scan has been done completely.

5382 Scanning directories
280511 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
280502 Files not concerned
2217 Archives were scanned
4 Warnings
7 Notes
je vais faire ce que t'a demandé

   
Répondre à doussa

3

doussa, le 20 jan 2009 à 21:20:09

Voici le rapport log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-20 20:54:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (47%) free of 25 GB
Total RAM: 246 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:17, on 20-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\documents and settings\administrateur\local settings\application data\ggoppp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\visualtooltips\VisualToolTip.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\d88abfb919ee6005958­4a5427f9e72f7\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KelsPackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ggoppp] "c:\documents and settings\administrateur\local settings\application data\ggoppp.exe" ggoppp
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - .DEFAULT User Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe (User 'Default user')
O4 - Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\cryptdll32.dll,C:\WINDOWS\System32\dblstcht32.dll
O20 - Winlogon Notify: cc12cd7e517 - C:\WINDOWS\System32\cryptdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
End of file - 9058 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-11-12 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208]
"KelsPackSoft"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"iexplore"=C:\WINDOWS\iexplore.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2006-05-14 344064]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2006-02-05 180224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ggoppp"=c:\documents and settings\administrateur\local settings\application data\ggoppp.exe [2009-01-15 221184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
VisualToolTip.lnk - C:\Program Files\visualtooltips\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\cryptdll32.dll,C:\WINDOWS\System32\dblstcht32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cc12cd7e517]
C:\WINDOWS\System32\cryptdll32.dll [2009-01-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\wamp\Apache2\bin\httpd.exe"="C:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrateur\so7.exe"="C:\Documents and Settings\Administrateur\so7.exe:*:Enabled:so7"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\WINDOWS\system32\iexplore.exe"="C:\WINDOWS\system32\iexplore.exe:*:Enabled:Microsoft Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9047b2f8-b61e-11dd-907c-001320b2d2f8}]
shell\AutoRun\command - F:\explorer.exe
shell\explore\command - F:\explorer.exe
shell\open\command - F:\explorer.exe


======File associations======

.bat - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.js - edit - C:\WINDOWS\system32\Notepad2.exe %1
.reg - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - edit - C:\WINDOWS\system32\Notepad2.exe %1

======List of files/folders created in the last 1 months======

2009-01-20 20:55:24 ----D---- C:\Program Files\trend micro
2009-01-20 20:54:49 ----D---- C:\rsit
2009-01-20 14:22:36 ----ASH---- C:\WINDOWS\system32\249.tmp
2009-01-20 13:32:45 ----D---- C:\Program Files\Lavasoft
2009-01-20 13:32:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-19 16:33:58 ----D---- C:\Program Files\Avira
2009-01-19 16:33:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-01-19 16:30:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-01-19 16:28:07 ----D---- C:\Program Files\VideoLAN
2009-01-19 13:57:19 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2009-01-19 13:52:38 ----D---- C:\Program Files\Sunbelt Software
2009-01-17 21:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-17 21:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-17 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-17 21:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-17 21:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-17 21:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-17 21:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-17 21:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-17 21:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-17 21:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-01-17 21:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-17 21:25:25 ----D---- C:\Program Files\MSXML 6.0
2009-01-17 21:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-17 21:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-17 21:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-17 21:00:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-17 20:58:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-17 14:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-17 14:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-17 14:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-17 14:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-17 14:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-17 14:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-17 14:16:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-17 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-17 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-17 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-17 14:12:25 ----D---- C:\Program Files\MSXML 4.0
2009-01-17 14:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-17 13:58:56 ----A---- C:\WINDOWS\GnuHashes.ini
2009-01-15 20:44:37 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google
2009-01-15 20:43:01 ----D---- C:\Program Files\Google
2009-01-15 20:34:32 ----D---- C:\Program Files\Conduit
2009-01-15 20:34:27 ----D---- C:\Program Files\Eazel-FR
2009-01-15 20:12:26 ----A---- C:\WINDOWS\system32\cryptdll32.dll
2009-01-15 20:12:26 ----A---- C:\ARK2.tmp
2009-01-15 19:54:27 ----D---- C:\WINDOWS\ie7updates
2009-01-15 19:43:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2009-01-15 19:41:45 ----D---- C:\WINDOWS\WBEM
2009-01-15 19:41:35 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-15 19:38:11 ----HDC---- C:\WINDOWS\ie7
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-15 19:35:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-15 19:33:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-15 19:30:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-15 19:30:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-15 19:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-15 19:27:30 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-15 19:19:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-01-15 19:04:28 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-15 19:02:37 ----D---- C:\Program Files\LimeWire
2009-01-15 17:34:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-01-15 17:33:56 ----D---- C:\Program Files\Mozilla Firefox
2009-01-15 16:57:10 ----D---- C:\Program Files\InternetGameBox

======List of files/folders modified in the last 1 months======

2009-01-20 21:12:34 ----D---- C:\WINDOWS\system32
2009-01-20 21:12:16 ----D---- C:\WINDOWS
2009-01-20 21:11:43 ----D---- C:\Temp
2009-01-20 21:11:32 ----D---- C:\WINDOWS\Temp
2009-01-20 20:55:24 ----RD---- C:\Program Files
2009-01-20 18:39:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 18:37:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-20 13:33:56 ----SHD---- C:\WINDOWS\Installer
2009-01-20 13:32:45 ----D---- C:\WINDOWS\system32\drivers
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs
2009-01-19 20:27:36 ----HD---- C:\WINDOWS\inf
2009-01-19 20:27:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-19 15:34:58 ----D---- C:\WINDOWS\Debug
2009-01-18 20:17:29 ----A---- C:\WINDOWS\winamp.ini
2009-01-17 21:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-17 21:46:25 ----D---- C:\WINDOWS\system32\DllCache
2009-01-17 21:46:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 21:29:18 ----D---- C:\Program Files\Windows Media Player
2009-01-17 20:48:02 ----D---- C:\Program Files\Rational
2009-01-17 20:47:45 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 20:46:54 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-17 20:35:16 ----D---- C:\Program Files\Winamp
2009-01-17 20:34:54 ----D---- C:\Program Files\EasyPHP 2.0b1
2009-01-17 20:34:14 ----D---- C:\JBuilder7
2009-01-17 20:31:12 ----D---- C:\wamp
2009-01-17 14:16:57 ----D---- C:\WINDOWS\WinSxS
2009-01-15 21:35:49 ----D---- C:\Program Files\Internet Explorer
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Network Diagnostic
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Help
2009-01-15 19:41:24 ----D---- C:\WINDOWS\Media
2009-01-15 19:33:21 ----D---- C:\Program Files\Java
2009-01-15 17:36:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-09-26 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-09-26 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-09-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-09-26 12288]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-09-26 31744]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-07-06 58496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-26 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-02-25 16877]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-01-20 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-15 152984]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-09-27 38912]
S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]

-----------------EOF-----------------
rapport info.txt
Event Type: Informations
User:

Computer Name: VISI0N-4812C7C6
Event Code: 100
Message: MsnMsgr (604) Le moteur de base de données 5.01.2600.2780 est démarré.

Record Number: 307
Source Name: ESENT
Time Written: 20090115135536.000000+060
Event Type: Informations
User:

Computer Name: VISI0N-4812C7C6
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 306
Source Name: usnjsvc
Time Written: 20090115135533.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"KTD"=C:\WINDOWS\DriverPacks

-----------------EOF-----------------

   
Répondre à doussa

4

jlpjlp, le 20 jan 2009 à 22:51:04

Vire les cracks dans limwire

_________________


télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)



:processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
"iexplore"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cc12cd7e517]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
:files
C:\WINDOWS\iexplore.exe
C:\WINDOWS\System32\cryptdll32.dll
C:\WINDOWS\System32\dblstcht32.dll
:commands
[purity]
[emptytemp]
[start explorer]


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.


______________


c'est quoi le disque F?


_________________
Télécharge RavAntivirus d'Evosla :
http://www.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!






remets ensuite un rapport RSIT

a plus

   
Répondre à jlpjlp

5

doussa86, le 21 jan 2009 à 17:50:38

Voici le rapport OTMoveIT
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­­n\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cc12cd7e517\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\iexplore.exe not found.
LoadLibrary failed for C:\WINDOWS\System32\cryptdll32.dll
C:\WINDOWS\System32\cryptdll32.dll NOT unregistered.
C:\WINDOWS\System32\cryptdll32.dll moved successfully.
File/Folder C:\WINDOWS\System32\dblstcht32.dll not found.
========== COMMANDS ==========
File delete failed. C:\Temp\etilqs_ozwtDmGigq1iZKBBnpRw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\urlclassifier­3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01212009_172954

   
Répondre à doussa86

6

jlpjlp, le 21 jan 2009 à 18:04:13

Ok fais la suite

   
Répondre à jlpjlp

7

doussa86, le 21 jan 2009 à 18:54:16

J'ai lancé Rav et il scan encore
ca fait plusque 45 mn et il n'a pas terminé cé normal ca

   
Répondre à doussa86

8

jlpjlp, le 21 jan 2009 à 19:18:55

Arrete

   
Répondre à jlpjlp

9

doussa86, le 21 jan 2009 à 19:40:52

J'ai relancé rsit voila le rapport
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-21 19:37:28
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (43%) free of 25 GB
Total RAM: 246 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:01, on 21-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\documents and settings\administrateur\local settings\application data\suuim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\visualtooltips\VisualToolTip.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KelsPackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [suuim] "c:\documents and settings\administrateur\local settings\application data\suuim.exe" suuim
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - .DEFAULT User Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe (User 'Default user')
O4 - Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cc12cd7e517 - C:\WINDOWS\System32\cryptdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
End of file - 9038 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-11-12 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208]
"KelsPackSoft"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"iexplore"=C:\WINDOWS\iexplore.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2006-05-14 344064]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2006-02-05 180224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"suuim"=c:\documents and settings\administrateur\local settings\application data\suuim.exe [2009-01-21 287232]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
VisualToolTip.lnk - C:\Program Files\visualtooltips\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cc12cd7e517]
C:\WINDOWS\System32\cryptdll32.dll [2009-01-21 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\wamp\Apache2\bin\httpd.exe"="C:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrateur\so7.exe"="C:\Documents and Settings\Administrateur\so7.exe:*:Enabled:so7"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\WINDOWS\system32\iexplore.exe"="C:\WINDOWS\system32\iexplore.exe:*:Enabled:Microsoft Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9047b2f8-b61e-11dd-907c-001320b2d2f8}]
shell\AutoRun\command - F:\explorer.exe
shell\explore\command - F:\explorer.exe
shell\open\command - F:\explorer.exe


======File associations======

.bat - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.js - edit - C:\WINDOWS\system32\Notepad2.exe %1
.reg - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - edit - C:\WINDOWS\system32\Notepad2.exe %1

======List of files/folders created in the last 1 months======

2009-01-21 17:29:54 ----D---- C:\_OTMoveIt
2009-01-20 20:55:24 ----D---- C:\Program Files\trend micro
2009-01-20 20:54:49 ----D---- C:\rsit
2009-01-20 14:22:36 ----ASH---- C:\WINDOWS\system32\249.tmp
2009-01-20 13:32:45 ----D---- C:\Program Files\Lavasoft
2009-01-20 13:32:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-19 16:33:58 ----D---- C:\Program Files\Avira
2009-01-19 16:33:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-01-19 16:30:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-01-19 16:28:07 ----D---- C:\Program Files\VideoLAN
2009-01-19 13:52:38 ----D---- C:\Program Files\Sunbelt Software
2009-01-17 21:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-17 21:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-17 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-17 21:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-17 21:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-17 21:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-17 21:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-17 21:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-17 21:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-17 21:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-01-17 21:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-17 21:25:25 ----D---- C:\Program Files\MSXML 6.0
2009-01-17 21:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-17 21:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-17 21:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-17 21:00:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-17 20:58:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-17 14:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-17 14:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-17 14:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-17 14:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-17 14:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-17 14:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-17 14:16:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-17 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-17 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-17 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-17 14:12:25 ----D---- C:\Program Files\MSXML 4.0
2009-01-17 14:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-17 13:58:56 ----A---- C:\WINDOWS\GnuHashes.ini
2009-01-15 20:44:37 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google
2009-01-15 20:43:01 ----D---- C:\Program Files\Google
2009-01-15 20:34:32 ----D---- C:\Program Files\Conduit
2009-01-15 20:34:27 ----D---- C:\Program Files\Eazel-FR
2009-01-15 20:12:26 ----A---- C:\WINDOWS\system32\cryptdll32.dll
2009-01-15 19:54:27 ----D---- C:\WINDOWS\ie7updates
2009-01-15 19:43:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2009-01-15 19:41:45 ----D---- C:\WINDOWS\WBEM
2009-01-15 19:41:35 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-15 19:38:11 ----HDC---- C:\WINDOWS\ie7
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-15 19:35:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-15 19:33:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-15 19:30:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-15 19:30:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-15 19:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-15 19:27:30 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-15 19:19:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-01-15 19:04:28 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-15 19:02:37 ----D---- C:\Program Files\LimeWire
2009-01-15 17:34:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-01-15 17:33:56 ----D---- C:\Program Files\Mozilla Firefox
2009-01-15 16:57:10 ----D---- C:\Program Files\InternetGameBox

======List of files/folders modified in the last 1 months======

2009-01-21 19:37:33 ----D---- C:\Temp
2009-01-21 19:37:32 ----D---- C:\WINDOWS\Temp
2009-01-21 19:32:44 ----D---- C:\WINDOWS\system32
2009-01-21 19:31:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 19:28:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-21 17:10:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-21 17:10:10 ----HD---- C:\WINDOWS\inf
2009-01-21 16:41:56 ----D---- C:\WINDOWS
2009-01-20 22:10:26 ----SHD---- C:\WINDOWS\Installer
2009-01-20 22:10:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-20 22:09:29 ----A---- C:\WINDOWS\win.ini
2009-01-20 22:07:24 ----D---- C:\WINDOWS\WinSxS
2009-01-20 22:07:20 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-01-20 20:55:24 ----RD---- C:\Program Files
2009-01-20 13:32:45 ----D---- C:\WINDOWS\system32\drivers
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs
2009-01-19 15:34:58 ----D---- C:\WINDOWS\Debug
2009-01-18 20:17:29 ----A---- C:\WINDOWS\winamp.ini
2009-01-17 21:46:25 ----D---- C:\WINDOWS\system32\DllCache
2009-01-17 21:46:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 21:29:18 ----D---- C:\Program Files\Windows Media Player
2009-01-17 20:48:02 ----D---- C:\Program Files\Rational
2009-01-17 20:47:45 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 20:46:54 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-17 20:35:16 ----D---- C:\Program Files\Winamp
2009-01-17 20:34:54 ----D---- C:\Program Files\EasyPHP 2.0b1
2009-01-17 20:34:14 ----D---- C:\JBuilder7
2009-01-17 20:31:12 ----D---- C:\wamp
2009-01-15 21:35:49 ----D---- C:\Program Files\Internet Explorer
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Network Diagnostic
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Help
2009-01-15 19:41:24 ----D---- C:\WINDOWS\Media
2009-01-15 19:33:21 ----D---- C:\Program Files\Java
2009-01-15 17:36:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-09-26 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-09-26 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-09-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-09-26 12288]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-09-26 31744]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-07-06 58496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-26 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-02-25 16877]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-01-20 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-15 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-09-27 38912]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]

-----------------EOF-----------------

   
Répondre à doussa86

10

jlpjlp, le 21 jan 2009 à 19:57:19

C'est quoi le disque F?

___________________


vire ce qui est dans moved files en allant dans poste de travail puis C puis otmovit

____________________


télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.

   
Répondre à jlpjlp

11

doussa86, le 21 jan 2009 à 20:07:30

Jne sé pa c quoi disque F je n'ai que C et D et E

   
Répondre à doussa86

12

jlpjlp, le 21 jan 2009 à 20:13:06

Ok fais la suite

   
Répondre à jlpjlp

13

doussa86, le 21 jan 2009 à 20:24:21

Je trouve navilog.exe et non pa navilog.zip

   
Répondre à doussa86

14

jlpjlp, le 21 jan 2009 à 20:46:51

Tu clique dessus

   
Répondre à jlpjlp

15

doussa86, le 21 jan 2009 à 21:15:05

Voici le rapport
earch Navipromo version 3.7.1 commencé le Wed 01/21/2009 à 21:09:58.67

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)


C:\ (Local Disk) - NTFS - Total:24 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:50 Go (Free:47 Go)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit
InternetGameBox

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\InternetGameBox trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\InternetGameBox trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Recherche fichiers ***


c:\docume~1\alluse~1\bureau\InternetGameBox.lnk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"suuim"="\"c:\\documents and settings\\administrateur\\local settings\\application data\\suuim.exe\" suuim"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

suuim.exe trouvé !
suuim.dat trouvé !
suuim_nav.dat trouvé !
suuim_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le Wed 01/21/2009 à 21:14:28.95 ***

   
Répondre à doussa86

16

jlpjlp, le 21 jan 2009 à 21:16:31

= Lance navilog1
= Cette fois-ci choisi l'option 2
= Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... ***
= Un rapport va être génrer sur ton C:\ qui sera en option 2
Note: le bureau disparaît

= colle le contenu du rapport de navilog (qui est en option2)


PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

   
Répondre à jlpjlp

17

doussa86, le 21 jan 2009 à 22:32:42

J'ai lancer avec option 2 l'ordinateur s'est redémarré auto mais il bloqué au niveau de fermeture windows pendant + qune heure alors jl'est redémarrer manuellement voici le rapport que jlé trouvé
Clean Navipromo version 3.7.1 commencé le Wed 01/21/2009 à 21:21:03.62

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)


C:\ (Local Disk) - NTFS - Total:24 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:50 Go (Free:47 Go)
E:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\InternetGamebox ...suppression...
...\InternetGamebox supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***



*** Suppression fichiers ***

c:\docume~1\alluse~1\bureau\InternetGameBox.lnk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *


suuim.exe trouvé !
Copie suuim.exe réalisée avec succès !
suuim.exe supprimé !

suuim.dat trouvé !
Copie suuim.dat réalisée avec succès !
suuim.dat supprimé !

suuim_nav.dat trouvé !
Copie suuim_nav.dat réalisée avec succès !
suuim_nav.dat supprimé !

suuim_navps.dat trouvé !
Copie suuim_navps.dat réalisée avec succès !
suuim_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le Wed 01/21/2009 à 22:16:55.20 ***

   
Répondre à doussa86

18

jlpjlp, le 22 jan 2009 à 11:27:06

Scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php­

___________________
nettoie le registre avec recleaner


http://www.malekal.com/regcleaner.html

__________________
vire ce qui est en quarantaine dans malwarebyte et antivir puis remets un rapport RSIT et antivir

et dis tes soucis a plus

   
Répondre à jlpjlp

19

doussa86, le 22 jan 2009 à 20:31:48

Voici le rapport anti_malwere
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1678
Windows 5.1.2600 Service Pack 2

22-01-2009 18:38:43
mbam-log-2009-01-22 (18-38-43).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 104685
Temps écoulé: 1 hour(s), 18 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\249.tmp (Trojan.Fraudtool) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\249.tmp (Trojan.Fraudtool) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

   
Répondre à doussa86

20

jlpjlp, le 22 jan 2009 à 20:33:16

Ok redémarre pour finir le nettoyage puis fais la suite

   
Répondre à jlpjlp

21

doussa86, le 22 jan 2009 à 20:37:09

J'ai déja redémarrer et j'ai nétoyé les registres je vais maintenant lancé antivir et rsit

   
Répondre à doussa86

22

jlpjlp, le 22 jan 2009 à 20:48:36

Ok

   
Répondre à jlpjlp

23

doussa86, le 22 jan 2009 à 20:54:53

Raport rsit
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-22 20:54:06
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (43%) free of 25 GB
Total RAM: 246 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:18, on 22-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\visualtooltips\VisualToolTip.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner1\RegCleanr.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2095689
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaz0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KelsPackSoft] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "%programfiles%\RocketDock\RocketDock.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "%programfiles%\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - .DEFAULT User Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe (User 'Default user')
O4 - Startup: VisualToolTip.lnk = C:\Program Files\visualtooltips\VisualToolTip.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cc12cd7e517 - C:\WINDOWS\System32\cryptdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
End of file - 9263 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-11-12 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaz0.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208]
"KelsPackSoft"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2004-12-20 33792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2006-05-14 344064]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2006-02-05 180224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
VisualToolTip.lnk - C:\Program Files\visualtooltips\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cc12cd7e517]
C:\WINDOWS\System32\cryptdll32.dll [2009-01-22 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\wamp\Apache2\bin\httpd.exe"="C:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrateur\so7.exe"="C:\Documents and Settings\Administrateur\so7.exe:*:Enabled:so7"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\WINDOWS\system32\iexplore.exe"="C:\WINDOWS\system32\iexplore.exe:*:Enabled:Microsoft Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9047b2f8-b61e-11dd-907c-001320b2d2f8}]
shell\AutoRun\command - F:\explorer.exe
shell\explore\command - F:\explorer.exe
shell\open\command - F:\explorer.exe


======File associations======

.bat - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.js - edit - C:\WINDOWS\system32\Notepad2.exe %1
.reg - edit - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.txt - open - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - edit - C:\WINDOWS\system32\Notepad2.exe %1

======List of files/folders created in the last 1 months======

2009-01-22 19:56:27 ----D---- C:\Program Files\RegCleaner1
2009-01-22 19:03:27 ----D---- C:\Program Files\RegCleaner
2009-01-22 17:15:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-01-22 17:15:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-22 17:15:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-21 22:22:30 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2009-01-21 21:21:03 ----A---- C:\cleannavi.txt
2009-01-21 21:09:58 ----A---- C:\fixnavi.txt
2009-01-21 21:07:30 ----D---- C:\Program Files\Navilog1
2009-01-21 17:29:54 ----D---- C:\_OTMoveIt
2009-01-20 20:55:24 ----D---- C:\Program Files\trend micro
2009-01-20 20:54:49 ----D---- C:\rsit
2009-01-20 13:32:45 ----D---- C:\Program Files\Lavasoft
2009-01-20 13:32:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-19 16:33:58 ----D---- C:\Program Files\Avira
2009-01-19 16:33:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-01-19 16:30:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-01-19 16:28:07 ----D---- C:\Program Files\VideoLAN
2009-01-19 13:52:38 ----D---- C:\Program Files\Sunbelt Software
2009-01-17 21:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-17 21:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-17 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-17 21:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-17 21:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-17 21:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-17 21:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-17 21:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-17 21:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-17 21:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-01-17 21:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-17 21:25:25 ----D---- C:\Program Files\MSXML 6.0
2009-01-17 21:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-17 21:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-17 21:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-17 21:00:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-17 20:58:53 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-17 14:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-17 14:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-17 14:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-17 14:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-17 14:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-17 14:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-17 14:16:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-17 14:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-17 14:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-17 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-17 14:12:25 ----D---- C:\Program Files\MSXML 4.0
2009-01-17 14:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-17 13:58:56 ----A---- C:\WINDOWS\GnuHashes.ini
2009-01-15 20:44:37 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google
2009-01-15 20:43:01 ----D---- C:\Program Files\Google
2009-01-15 20:34:32 ----D---- C:\Program Files\Conduit
2009-01-15 20:34:27 ----D---- C:\Program Files\Eazel-FR
2009-01-15 20:12:26 ----A---- C:\WINDOWS\system32\cryptdll32.dll
2009-01-15 19:54:27 ----D---- C:\WINDOWS\ie7updates
2009-01-15 19:43:40 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2009-01-15 19:41:45 ----D---- C:\WINDOWS\WBEM
2009-01-15 19:41:35 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-15 19:38:11 ----HDC---- C:\WINDOWS\ie7
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-15 19:35:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-15 19:35:48 ----A---- C:\WINDOWS\system32\java.exe
2009-01-15 19:33:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-15 19:30:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-15 19:30:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-15 19:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-15 19:27:30 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-15 19:19:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-01-15 19:04:28 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-15 17:34:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-01-15 17:33:56 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2009-01-22 20:54:12 ----D---- C:\Temp
2009-01-22 20:15:44 ----D---- C:\WINDOWS\Temp
2009-01-22 19:56:27 ----RD---- C:\Program Files
2009-01-22 19:51:22 ----D---- C:\WINDOWS
2009-01-22 18:44:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-22 18:42:07 ----D---- C:\WINDOWS\system32\drivers
2009-01-22 18:42:07 ----D---- C:\WINDOWS\system32
2009-01-22 18:41:38 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-01-22 18:38:43 ----SHD---- C:\RECYCLER
2009-01-21 17:10:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-21 17:10:10 ----HD---- C:\WINDOWS\inf
2009-01-20 22:10:26 ----SHD---- C:\WINDOWS\Installer
2009-01-20 22:10:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-20 22:09:29 ----A---- C:\WINDOWS\win.ini
2009-01-20 22:07:24 ----D---- C:\WINDOWS\WinSxS
2009-01-20 22:07:20 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-01-20 13:31:43 ----D---- C:\Program Files\Fichiers communs
2009-01-19 15:34:58 ----D---- C:\WINDOWS\Debug
2009-01-18 20:17:29 ----A---- C:\WINDOWS\winamp.ini
2009-01-17 21:46:25 ----D---- C:\WINDOWS\system32\DllCache
2009-01-17 21:46:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 21:29:18 ----D---- C:\Program Files\Windows Media Player
2009-01-17 20:48:02 ----D---- C:\Program Files\Rational
2009-01-17 20:47:45 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 20:46:54 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-17 20:35:16 ----D---- C:\Program Files\Winamp
2009-01-17 20:34:54 ----D---- C:\Program Files\EasyPHP 2.0b1
2009-01-17 20:34:14 ----D---- C:\JBuilder7
2009-01-17 20:31:12 ----D---- C:\wamp
2009-01-15 21:35:49 ----D---- C:\Program Files\Internet Explorer
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Network Diagnostic
2009-01-15 21:35:48 ----D---- C:\WINDOWS\Help
2009-01-15 19:41:24 ----D---- C:\WINDOWS\Media
2009-01-15 19:33:21 ----D---- C:\Program Files\Java
2009-01-15 17:36:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-09-26 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-09-26 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-09-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-09-26 12288]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-09-26 31744]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-07-06 58496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-26 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2006-02-25 16877]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\Temp\catchme.sys []
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-01-20 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-15 152984]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-09-27 38912]
S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]

-----------------EOF-----------------

   
Répondre à doussa86

24

jlpjlp, le 22 jan 2009 à 20:57:50

Rsit est bon manque que antivir pour voir

   
Répondre à jlpjlp

26

doussa86, le 22 jan 2009 à 22:01:57

Avira AntiVir Personal
Report file date: jeudi 22 janvier 2009 20:56

Scanning for 1257460 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: VISI0N-4812C7C6

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 15:41:51
ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 20/01/2009 17:42:47
ANTIVIR3.VDF : 7.1.1.168 315904 Bytes 22/01/2009 16:57:16
Engineversion : 8.2.0.60
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.32 340347 Bytes 22/01/2009 16:57:55
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 19/01/2009 15:44:55
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 19/01/2009 15:44:38
AEHEUR.DLL : 8.1.0.86 1552759 Bytes 22/01/2009 16:57:49
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/01/2009 15:43:35
AEGEN.DLL : 8.1.1.10 323957 Bytes 19/01/2009 15:43:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 19/01/2009 15:43:12
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 22 janvier 2009 20:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'RegCleanr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'VisualToolTip.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitchXP.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'mmm.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\cryptdll32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!

The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK34.tmp
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\cryptdll32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\GroupPolicyManifest\33.video.zip
[0] Archive type: ZIP
--> hardcore_porn.exe
[DETECTION] Is the TR/Dldr.Tracur.A.3 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\GroupPolicyManifest\34.setup.zip
[0] Archive type: ZIP
--> crack+keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\GroupPolicyManifest\35.unpack.zip
[0] Archive type: ZIP
--> self_extracting_archive.exe
[DETECTION] Is the TR/Dldr.Tracur.A Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\GroupPolicyManifest\36.keygen.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Drop.Agent.aob Trojan
--> setup.exe
[DETECTION] Is the TR/Drop.Agent.aob Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\GroupPolicyManifest\37.serial.zip
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Tracur.A.1 Trojan
--> setup.exe
[DETECTION] Is the TR/Dldr.Tracur.A.2 Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'


End of the scan: jeudi 22 janvier 2009 21:40
Used time: 44:18 Minute(s)

The scan has been done completely.

5434 Scanning directories
276026 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
8 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
276013 Files not concerned
2189 Archives were scanned
4 Warnings
8 Notes

   
Répondre à doussa86

27

jlpjlp, le 22 jan 2009 à 22:40:29

Télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)



:processes
explorer.exe
:files
C:\ARK34.tmp
C:\WINDOWS\system32\cryptdll32.dll
C:\WINDOWS\system32\GroupPolicyManifest\33.video.zip
C:\WINDOWS\system32\GroupPolicyManifest\34.setup.zip
C:\WINDOWS\system32\GroupPolicyManifest\35.unpack.zip
C:\WINDOWS\system32\GroupPolicyManifest\36.keygen.zip
C:\WINDOWS\system32\GroupPolicyManifest\37.serial.zip

:commands
[purity]
[emptytemp]
[start explorer]


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.



_________________


télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

[si je suspecte une infection bagle, j'ajoute :

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau]

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

   
Répondre à jlpjlp

28

doussa86, le 22 jan 2009 à 23:36:36

Rapport otmoveit
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\ARK34.tmp not found.
LoadLibrary failed for C:\WINDOWS\system32\cryptdll32.dll
C:\WINDOWS\system32\cryptdll32.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cryptdll32.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\GroupPolicyManifest\33.video.zip not found.
File/Folder C:\WINDOWS\system32\GroupPolicyManifest\34.setup.zip not found.
File/Folder C:\WINDOWS\system32\GroupPolicyManifest\35.unpack.zip not found.
File/Folder C:\WINDOWS\system32\GroupPolicyManifest\36.keygen.zip not found.
File/Folder C:\WINDOWS\system32\GroupPolicyManifest\37.serial.zip not found.
========== COMMANDS ==========
File delete failed. C:\Temp\etilqs_DU8JgBT1aEWUGdTwr15S scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DF5380.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DF53D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DF664F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DF6659.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_19c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\Cache\_CACHE_­MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\urlclassifier­3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01222009_232846

   
Répondre à doussa86

29

jlpjlp, le 23 jan 2009 à 11:16:22

Télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

[si je suspecte une infection bagle, j'ajoute :

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau]

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

   
Répondre à jlpjlp

33

doussa86, le 23 jan 2009 à 15:17:57

Voici rapport combofix
ComboFix 09-01-21.04 - Administrateur 01/23/2009 12:57:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.246.62 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\[u]0/u20000001e6d93b2517C.manifest
c:\documents and settings\Administrateur\Application Data\[u]0/u20000001e6d93b2517O.manifest
c:\documents and settings\Administrateur\Application Data\[u]0/u20000001e6d93b2517P.manifest
c:\documents and settings\Administrateur\Application Data\[u]0/u20000001e6d93b2517S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 19:54 --------- d-----w c:\program files\trend micro
2009-01-22 19:02 --------- d-----w c:\program files\RegCleaner
2009-01-22 18:56 --------- d-----w c:\program files\RegCleaner1
2009-01-22 16:15 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-22 16:15 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 16:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-21 21:16 --------- d-----w c:\program files\Navilog1
2009-01-20 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-20 12:34 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-20 12:32 --------- d-----w c:\program files\Lavasoft
2009-01-20 12:31 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-19 19:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2009-01-19 18:41 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2009-01-19 15:33 --------- d-----w c:\program files\Avira
2009-01-19 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-01-19 15:28 --------- d-----w c:\program files\VideoLAN
2009-01-19 15:06 --------- d-----w c:\program files\Eazel-FR
2009-01-19 12:52 --------- d-----w c:\program files\Sunbelt Software
2009-01-17 20:25 --------- d-----w c:\program files\MSXML 6.0
2009-01-17 19:48 --------- d-----w c:\program files\Rational
2009-01-17 19:35 --------- d-----w c:\program files\Winamp
2009-01-17 19:34 --------- d-----w c:\program files\EasyPHP 2.0b1
2009-01-17 16:42 19,741 ----a-w c:\documents and settings\Administrateur\upad33.exe
2009-01-17 13:12 --------- d-----w c:\program files\MSXML 4.0
2009-01-15 19:43 --------- d-----w c:\program files\Google
2009-01-15 19:34 --------- d-----w c:\program files\Conduit
2009-01-15 18:33 --------- d-----w c:\program files\Java
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissar­my.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-11 17:23 --------- d-----w c:\documents and settings\Administrateur\Application Data\Rational
2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-29 19:24 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-27 16:26 --------- d-----w c:\program files\Kaspersky Lab
2008-10-13 15:32 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-09-30 15:27 472 ----a-w c:\program files\ro.reg
2007-02-25 11:06 122,880 --sha-r c:\windows\system32\blat.dll
2007-02-25 11:06 115,200 --sha-r c:\windows\system32\blat.exe
.

------- Sigcheck -------

04/14/2008 03:34 AM 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\svchost.exe
08/03/2004 11:55 PM 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\system32\svchost­.exe

04/14/2008 03:33 AM 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\ws2_32.dll
08/03/2004 11:54 PM 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\system32\ws2_32.­dll

04/13/2008 08:20 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\ndis.sys
08/03/2004 10:14 PM 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers­\ndis.sys

04/13/2008 07:53 PM 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\ip6fw.sys
08/03/2004 10:00 PM 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers­\ip6fw.sys

09/29/2006 12:25 AM 1188352 a910a415c96884da209b975e3d4f83ee c:\windows\explorer.exe
04/14/2008 03:34 AM 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\explorer.exe
06/13/2007 02:22 PM 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\SoftwareDistribu­tion\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explor­er.exe
06/13/2007 02:10 PM 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\SoftwareDistribu­tion\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explor­er.exe

04/14/2008 03:34 AM 109056 54cb50058851d95e56ec70d09f70857f c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\services.exe
08/03/2004 11:55 PM 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\system32\service­s.exe

04/14/2008 03:34 AM 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\lsass.exe
08/03/2004 11:54 PM 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\system32\lsass.e­xe

04/14/2008 03:33 AM 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\ctfmon.exe
08/03/2004 11:54 PM 15360 5584247b568c2e53934873f4b655fe6a c:\windows\system32\ctfmon.­exe

04/14/2008 03:34 AM 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\userinit.exe
08/03/2004 11:55 PM 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\system32\userini­t.exe

04/14/2008 03:33 AM 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\SoftwareDistribu­tion\Download\7a1946fba2b8886ae6be37be6d51ae57\powrprof.dll
08/03/2004 11:54 PM 17408 b02e4ddbe0e98f42f3b61292ddb3a104 c:\windows\system32\powrpro­f.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaz0.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
11/23/2008 11:03 PM 1784856 --a------ c:\program files\Eazel-FR\tbEaz0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaz0.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}"= "c:\program files\Eazel-FR\tbEaz0.dll" [11/23/2008 11:03 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 01:29 AM 62976]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [05/14/2006 09:47 PM 344064]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [02/05/2006 01:20 PM 180224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/03/2004 11:54 PM 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 11:55 AM 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [08/14/2006 01:39 PM 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [08/14/2006 01:41 PM 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [08/14/2006 01:38 PM 94208]
"KelsPackSoft"="c:\windows\system32\mmm.exe" [07/05/2005 01:34 PM 828416]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [09/07/2006 10:19 AM 15872]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [10/26/2005 04:17 PM 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [06/23/2005 07:33 PM 57344]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [12/20/2004 07:41 PM 33792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 01:28 PM 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 01:29 AM 62976]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [05/14/2006 09:47 PM 344064]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [02/05/2006 01:20 PM 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/03/2004 11:37 PM 44544]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
VisualToolTip.lnk - c:\program files\visualtooltips\VisualToolTip.exe [2008-05-27 319488]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-02 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoThemesTab"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cc12cd7e517]
01/22/2009 11:55 PM 135168 c:\windows\system32\cryptdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-09-12 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-09-12 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-09-12 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-09-12 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-09-12 86368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9047b2f8-b61e-11dd-907c-001320b2d2f8}]
\Shell\AutoRun\command - F:\explorer.exe
\Shell\explore\Command - F:\explorer.exe
\Shell\open\Command - F:\explorer.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [09/27/2006 04:39 PM]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2095689
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\i6w2nqvt.default\
.
.
------- Associations de fichier -------
.
inffile=c:\windows\system32\NOTEPAD2.EXE %1
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 12:59:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\SHSVCS.dll
c:\windows\system32\sfc_os.dll
c:\windows\System32\cryptdll32.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Heure de fin: 01/23/2009 13:02:26
ComboFix-quarantined-files.txt 2009-01-23 12:02:22

Avant-CF: 11,075,596,288 octets libres
Après-CF: 11,064,750,080 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

224 --- E O F --- 2009-01-21 15:56:20



merci

   
Répondre à doussa86
43 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide