Hello,

peux-tu faire ceci stp ?

> Télécharge random's system information tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe
- Enregistre le programme sur ton bureau.
- Double clique sur RSIT.exe
- A l'écran "Disclaimer" choisis "1 months" dans le menu déroulant puis clique sur <continue>.
- Si HiJackThis n'est pas détecté sur ton PC, RSIT le téléchargera ; accepte alors la licence.
- Une fois le scanne terminé tu obtiendras un rapport log.txt. Poste le sur le forum.
NB : Il se peut que tu obtiennes un second rapport nommé info.txt. Dans ce cas poste le aussi mais dans un second message.


Merci
Formatage en cours...3% Veuillez patienter. Merci.

Salut,

Passe ton fichier infecté sur http://www.virustotal.com

Le info.txt

info.txt logfile of random's system information tool 1.06 2009-04-11 11:01:41

======Uninstall list======

-->I:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
1.0-->"I:\Program Files\A Vampyre Story Demo\unins000.exe"
7-Zip 4.60 beta-->"I:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 10 ActiveX-->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->I:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-000000000001}
Adobe Shockwave Player-->I:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE I:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aleo SWF GIF Converter 1.3 Build2-->"I:\Program Files\Aleo Software\SWF GIF Converter\unins000.exe"
Architecte 3D Silver Advanced-->I:\PROGRA~1\ARCHIT~1\UNWISE.EXE I:\PROGRA~1\ARCHIT~1\INSTALL.LOG
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Astérix aux Jeux Olympiques-->"I:\Program Files\Atari\Asterix at the Olympic Games\Uninstall.exe"
Astérix Maxi-Délirium Démo encartée-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{8E8CD14F-C62E-4F8C-841C-043F48C0486E}\setup.exe"
Astérix Maxi-Délirium-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{09C8B025-F0C5-4EF2-BC4F-399269BDE0C8}\setup.exe"
ATI - Utilitaire de désinstallation du logiciel-->I:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Display Driver-->rundll32 I:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus-->I:\Program Files\Alwil Software\Avast4\aswRunDll.exe "I:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client-->I:\Program Files\bfgclient\Uninstall.exe
Caesar 3-->I:\WINDOWS\IsUn040c.exe -fC:\SIERRA\Caesar3\Uninst.isu
Call Of Atlantis-->"I:\Program Files\Call Of Atlantis bon\ReflexiveArcade\unins000.exe"
Call of Atlantis-->"I:\Program Files\Call of Atlantis\Uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"I:\Program Files\CCleaner\uninst.exe"
Chainz 2 Deluxe-->"I:\Program Files\Zylom Games\Chainz 2 Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Chainz 2-->"I:\Program Files\Chainz 2\ReflexiveArcade\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"I:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="I:\Program Files\SlySoft\CloneCD"
Convertor 1.0-->"I:\Program Files\Convertor\unins000.exe"
Cortona3D Viewer-->MsiExec.exe /X{7D228E96-4124-4DDB-A4B3-C89FBCABC77F}
Didapages 1.1-->I:\Program Files\Didapages\uninst.exe
DivX-->I:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Download Accelerator Plus (DAP)-->I:\PROGRA~1\DAP\DAPREMOVE.EXE
Dream Chronicles 2: The Eternal Maze-->"I:\Program Files\Dream Chronicles 2 - The Eternal Maze\Uninstall.exe"
Droppix Recorder 2.x-->"I:\Program Files\Droppix\Droppix Recorder 2.x\unins000.exe"
DScaler 5 Mpeg Decoders-->"I:\Program Files\DScaler5\unins000.exe"
EVEREST Corporate Edition v4.60-->"C:\EVEREST Corporate Edition\unins000.exe"
FileZilla Client 3.1.6-->I:\Program Files\FileZilla FTP Client\uninstall.exe
FindyKill-->I:\Program Files\FindyKill\Uninstal.exe
Fire Department 2-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{1DA8594C-2F14-4491-B155-2BF3A999622D}\setup.exe" -l0x40c Uninstall
Florensia-->I:\Program Files\InstallShield Installation Information\{69AB0E59-F19A-4BA2-BB51-B0A25B8B405A}\setup.exe -runfromtemp -l0x0009 -removeonly
G DATA AntiVirus-->MsiExec.exe /I{1EA84402-CD4F-4F19-AFED-C5C228259873}
GameSpy Arcade-->I:\PROGRA~1\GAMESP~1\UNWISE.EXE I:\PROGRA~1\GAMESP~1\INSTALL.LOG
GeoVid Flash Player-->"I:\Program Files\GeoVid\FlashPlayer\unins000.exe"
Gif2swf-->I:\WINDOWS\unvise32.exe I:\Program Files\Gif2swf\uninstal.log
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
GTA San Andreas-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
High Definition Audio Driver Package - KB888111-->"I:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"I:\Program Files\trend micro\HijackThis.exe" /uninstall
Impossible Creatures 1.0.1-->MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}
Impossible Creatures-->"I:\Program Files\Microsoft Games\Impossible Creatures\UNINSTAL.EXE" /runtemp /addremove
Indeo® software-->I:\WINDOWS\IsUninst.exe -f"I:\Program Files\Intel\Indeo\Uninst.isu" -c"I:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Installation Windows Live-->I:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K!TV-->I:\Program Files\K!TV\UninstKTV.exe
KnC-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{71C554B9-79B7-4B5A-8AF0-C6E5CBE108CC}\setup.exe" -l0x40c -removeonly
Kyuubi-Barre 7-->"I:\Documents and Settings\YVES\Application Data\Kyuubi-Barre\unins000.exe"
Kyuubi-Game-->"I:\Documents and Settings\YVES\Application Data\Kyuubi-Game\unins000.exe"
Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
Le géant du trafic-->I:\TGiant\UNWISE.EXE I:\TGiant\INSTALL.LOG
Le Maître de l'Olympe - Zeus.-->I:\WINDOWS\IsUn040c.exe -f"C:\Sierra\Le Maître de l' Olympe Zeus\Uninst.isu"
LEGO® Indiana Jones™-->I:\Program Files\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\Setup.exe -runfromtemp -l0x040c
Lexmark X1100 Series-->I:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LogMeIn-->MsiExec.exe /I{A83C6C34-3007-422A-9E56-A74996BCCDBD}
Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}
Magic Encyclopedia-->"I:\Program Files\Magic Encyclopedia\Uninstall.exe"
Magic Farm V1.0.0.9-->I:\Program Files\Magic Farm cracké\Uninstall.exe
ManyCam 2.4 (remove only)-->"I:\Program Files\ManyCam 2.4\uninstall.exe"
Marvel(TM) - Ultimate Alliance-->I:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214}
Marvell Miniport Driver-->I:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"I:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (PINNACLESYS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{CC1DB186-550F-3CFE-A2A9-EBA5E5A34BC1}
Mozilla Firefox (3.0.8)-->I:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->I:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Image Text-->I:\Program Files\MSNImageText\Uninstal.exe
MSN Reaper-->"I:\Program Files\MSN Reaper\uninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Myst III Exile-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}\setup.exe"
Myst l'Apogée-->I:\WINDOWS\IsUn040c.exe -f"c:\Program Files\Myst l'Apogée\MystMEUninst.isu"
NDSROM Player-->I:\Program Files\NDSROM Player\Uninstal.exe
Nero 7 Premium-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No-IP.com DUC (remove only)-->"I:\Program Files\No-IP\DUC20.exe" -uninstall
NudgeMania 4.0 for Messenger-->I:\Program Files\NudgeMania\uninstall.exe
OCCT Perestroika 2.0.1-->"I:\Program Files\OCCT\unins000.exe"
oggcodecs-->MsiExec.exe /I{D65F0073-A820-4085-B997-A061171595A7}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de mise à jour Google-->"I:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Panda ActiveScan 2.0-->I:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Wizard 2008.1.871-->"I:\Program Files\PC Wizard 2008\unins000.exe"
PHANTASY STAR UNIVERSE Ambition of the Illuminus-->"C:\SEGA\phantasy star\PHANTASY STAR UNIVERSE Illuminus\uninst\unins000.exe"
Pharaon-->I:\WINDOWS\IsUn040c.exe -fC:\SIERRA\Pharaon\Uninst.isu
PhotoFiltre-->"I:\Program Files\PhotoFiltre\Uninst.exe"
Pinnacle DistanTV Server-->MsiExec.exe /X{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}
Pinnacle TVCenter Pro-->"I:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe"UNINSTALL /l0x040c -removeonly
PremierOpinion-->i:\program files\premieropinion\pmropn.exe -bootremove -uninst:PremierOpinion
PremiumSoft Navicat 8.0 Lite for MySQL-->"I:\Program Files\PremiumSoft\Navicat 8.0 Lite MySQL\unins000.exe"
Programme de gestion Camera de Logitech®-->"I:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->I:\WINDOWS\unvise32qt.exe I:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Riven-->I:\WINDOWS\unin040c.exe -f"I:\Program Files\Riven\DeIsL1.isu"
RV House 0.91.3-->"I:\Program Files\RV House\unins000.exe"
Saqqarah-->"I:\Program Files\Zylom Games\Saqqarah\GameInstlr.exe" --uninstall UnInstall.log
SearchTheWeb-->MsiExec.exe /X{7B0A5C9F-9671-4C94-8F7C-22AC94B3416C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Kit de connexion-->I:\Program Files\SFR\Kit\uninstall.exe
SimCity 4 Deluxe-->I:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SpeedFan (remove only)-->"I:\Program Files\SpeedFan\uninstall.exe"
SQLyog Enterprise Trial 8.02 -->I:\Program Files\SQLyog Enterprise Trial\uninst.exe
Stronghold-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
TerraExplorer-->I:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
The Panorama Factory V4 m32 Edition-->MsiExec.exe /I{CFE4E4E3-D3B1-473E-BAAF-73BD1CCEE110}
TightVNC 1.3.9-->"I:\Program Files\TightVNC\unins000.exe"
TomTom HOME 2.5.2.60-->I:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Utilitaires Sierra-->I:\Program Files\Sierra On-Line\sutil32.exe uninstall
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VDownloader 0.81-->"I:\Program Files\VDOWNLOADER\unins000.exe"
VideoLAN VLC media player 0.8.6b-->I:\Program Files\VideoLAN\VLC\uninstall.exe
WampServer 2.0-->"I:\wamp\unins000.exe"
WinAce Archiver-->"I:\Program Files\WinAce\SXUNINST.EXE" "I:\Program Files\WinAce\SXUNINST.INI"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Media Format Runtime-->"I:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinISO 5.3-->"I:\Program Files\WinISO\unins000.exe"
World of Warcraft-->I:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Worms Forts Under Siege-->MsiExec.exe /X{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}
Wow Cartographe 1.09-->I:\Program Files\WowCartographe\uninst.exe
X Motor Racing Demo-->"I:\Program Files\XMotorRacingDemo\unins000.exe"
XnView 1.95.4-->"I:\Program Files\XnView\unins000.exe"
Zoo Tycoon 2-->"I:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
Zylom Games Player Plugin-->"I:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Hosts File======

127.0.0.1 w3dserv.no-ip.org

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090410-0]

======System event log======

Computer Name: FAMILLE
Event Code: 26
Message: Application popup : Sous-système MS-DOS 16 bits : I:\WINDOWS\system32\msupdte.exe
Le processeur NTVDM a rencontré une instruction non autorisée.
CS:0000 IP:0077 OP:f0 37 05 17 02 Choisissez 'Fermer' pour mettre fin à l'application.

Record Number: 5200
Source Name: Application Popup
Time Written: 20090222220540.000000+060
Event Type: Informations
User:

Computer Name: FAMILLE
Event Code: 3100
Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.

Record Number: 5199
Source Name: Tcpip6
Time Written: 20090222220532.000000+060
Event Type: Informations
User:

Computer Name: FAMILLE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 5198
Source Name: EventLog
Time Written: 20090222220514.000000+060
Event Type: Informations
User:

Computer Name: FAMILLE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 5197
Source Name: EventLog
Time Written: 20090222220514.000000+060
Event Type: Informations
User:

Computer Name: FAMILLE
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 5196
Source Name: EventLog
Time Written: 20090222220411.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: LSD-D28238CDDBB
Event Code: 0
Message:
Record Number: 257
Source Name: PinnacleSys.MediaServer
Time Written: 20081206132905.000000+060
Event Type: erreur
User:

Computer Name: LSD-D28238CDDBB
Event Code: 0
Message:
Record Number: 256
Source Name: PinnacleSys.MediaServer
Time Written: 20081206132905.000000+060
Event Type: erreur
User:

Computer Name: LSD-D28238CDDBB
Event Code: 19011
Message:
Record Number: 255
Source Name: MSSQL$PINNACLESYS
Time Written: 20081206132857.000000+060
Event Type: Avertissement
User:

Computer Name: LSD-D28238CDDBB
Event Code: 105
Message: The service was started.

Record Number: 254
Source Name: ATI Smart
Time Written: 20081206132851.000000+060
Event Type: Informations
User:

Computer Name: LSD-D28238CDDBB
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur LSD-D28238CDDBB\YVES alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 253
Source Name: Userenv
Time Written: 20081206132725.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;I:\Program Files\ATI Technologies\ATI.ACE\Core-Static;I:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1

-----------------EOF-----------------

Bonjour Alsyia,

Comment vas-tu ?

Alors,
fais ceci stp :
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Double clique combofix.exe puis accepte le contrat de licence.
- Si Combofix ne trouve pas de console de récupération système d'installée alors accepte son installation.
- A la fin de l'installation de la console de récupération Combofix va te proposer de lancer une recherche de nuisibles. Clique alors sur <Oui>.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer la machine.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
PS2 : Il peut s'avérer que le rapport soit trop long pour être publié totalement. Dans ce cas utilise ce service http://www.cijoint.fr pour me l'envoyer (dépose le fichier puis poste le lien sur le forum).


Bon courage.

A+ Formatage en cours...3% Veuillez patienter. Merci.

DBisous` Wreck this mess...

Reçus :)
tu piques (poke) avec ta barbe ! Wreck this mess...

Un vrai pokeman je dirais Wreck this mess...

Fofoforme :) Wreck this mess...

Joyeuse Paques !

ComboFix 09-04-04.01 - YVES 2009-04-11 19:16:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1355 [GMT 2:00]
Lancé depuis: d:\utilitaires\combofix\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090410-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
D:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-11 au 2009-04-11 ))))))))))))))))))))))))))))))))))))
.

2009-04-11 19:19 . 2009-04-11 19:19 <REP> d--hs---- i:\windows\system32\dllcache
2009-04-11 11:01 . 2009-04-11 11:01 <REP> d-------- I:\rsit
2009-04-11 11:01 . 2009-04-11 11:01 <REP> d-------- i:\program files\trend micro
2009-04-07 11:31 . 2009-04-07 11:44 <REP> d-------- i:\program files\Project64 1.6
2009-04-06 13:16 . 2009-04-06 13:30 <REP> d-------- i:\program files\WowCartographe
2009-04-06 10:59 . 2009-04-06 10:59 <REP> d-------- i:\program files\Smoky City Design
2009-04-04 15:02 . 2009-04-05 09:12 <REP> d-------- i:\program files\PremierOpinion
2009-04-04 15:01 . 2009-04-04 15:01 <REP> d-------- i:\program files\NudgeMania
2009-04-04 09:38 . 2009-04-11 19:20 54,156 --ah----- i:\windows\QTFont.qfn
2009-04-04 09:38 . 2009-04-04 09:38 1,409 --a------ i:\windows\QTFont.for
2009-04-03 17:25 . 2009-04-03 17:25 <REP> d-------- i:\windows\system32\QuickTime
2009-04-03 17:25 . 2009-04-03 17:25 <REP> d-------- i:\program files\QuickTime
2009-04-03 17:24 . 2009-04-03 17:24 0 --a------ i:\windows\PowerReg.dat
2009-04-03 17:22 . 2009-04-03 17:22 <REP> d-------- i:\program files\Ubi Soft
2009-04-03 13:14 . 2009-04-03 13:14 27 --a------ i:\windows\ic.ini
2009-04-02 19:23 . 2009-04-02 19:23 <REP> d-------- i:\program files\Passware
2009-04-01 18:12 . 2009-04-01 18:12 <REP> d-------- i:\documents and settings\YVES\Application Data\KyuubiGame
2009-04-01 18:12 . 2009-04-01 18:12 <REP> d-------- i:\documents and settings\YVES\Application Data\Kyuubi-Game
2009-04-01 18:12 . 2009-04-01 18:12 <REP> d-------- i:\documents and settings\YVES\.kyuubigamesc
2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- i:\documents and settings\YVES\Application Data\KyuubiBarre
2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- i:\documents and settings\YVES\Application Data\Kyuubi-Barre
2009-04-01 18:10 . 2009-04-01 18:10 <REP> d-------- i:\documents and settings\YVES\.kyuubibarrec
2009-04-01 18:10 . 2006-12-29 04:51 45,056 --a------ i:\windows\system32\jniwrap.dll
2009-04-01 18:10 . 2008-04-04 10:19 293 --a------ i:\windows\system32\jniwrap.lic
2009-04-01 18:10 . 2008-04-04 10:19 292 --a------ i:\windows\system32\jexplorer.lic
2009-04-01 18:10 . 2008-04-04 10:19 289 --a------ i:\windows\system32\comfyj.lic
2009-04-01 17:57 . 2009-04-01 17:57 <REP> d-------- i:\program files\ManyCam 2.4
2009-04-01 17:57 . 2009-04-01 17:57 <REP> d-------- i:\documents and settings\YVES\Application Data\ManyCam
2009-04-01 17:41 . 2002-12-11 15:16 384,512 --a------ i:\windows\system32\mp4sdmod.dll
2009-04-01 17:41 . 2002-12-11 19:12 316,040 --a------ i:\windows\system32\mp43dmod.dll
2009-04-01 17:40 . 2009-04-01 17:40 <REP> d-------- i:\program files\Logitech
2009-04-01 17:40 . 2004-01-21 03:26 360,448 --a------ i:\windows\system32\LVUI2RC.dll
2009-04-01 17:40 . 2004-01-21 03:14 271,360 --a------ i:\windows\system32\drivers\LV302AV.SYS
2009-04-01 17:40 . 2004-01-21 03:25 172,032 --a------ i:\windows\system32\lvcodec2.dll
2009-04-01 17:40 . 2004-01-21 03:24 135,214 --a------ i:\windows\system32\LVComS.exe
2009-04-01 17:40 . 2004-01-21 03:26 122,880 --a------ i:\windows\system32\LVUI2.dll
2009-04-01 17:40 . 2004-01-21 03:28 86,016 --a------ i:\windows\system32\lvcoinst.dll
2009-04-01 17:40 . 2004-01-21 03:24 57,344 --a------ i:\windows\system32\LVComC.dll
2009-04-01 17:40 . 2004-01-21 02:51 17,191 --a------ i:\windows\system32\lvcoinst.ini
2009-04-01 17:40 . 2004-01-21 03:16 12,080 --a------ i:\windows\system32\drivers\LVUSBSta.sys
2009-04-01 17:40 . 2004-01-21 03:14 5,915 --a------ i:\windows\system32\drivers\lv302af.sys
2009-04-01 17:39 . 2009-04-01 17:39 <REP> d-------- i:\program files\Fichiers communs\Labtec
2009-04-01 17:39 . 2009-04-01 17:39 256 --a------ i:\windows\_delis32.ini
2009-04-01 16:07 . 2009-04-03 07:36 <REP> d-------- i:\program files\FlashGet
2009-03-28 16:01 . 2009-03-28 16:01 <REP> d-------- i:\documents and settings\YVES\Application Data\Babylon
2009-03-28 16:01 . 2009-03-28 16:01 <REP> d-------- i:\documents and settings\All Users\Application Data\Babylon
2009-03-28 15:04 . 2004-08-04 00:07 59,264 --a------ i:\windows\system32\drivers\USBAUDIO.sys
2009-03-28 15:03 . 2004-08-04 00:08 31,616 --a------ i:\windows\system32\drivers\usbccgp.sys
2009-03-27 15:36 . 2009-03-27 15:36 754 --a------ i:\windows\WORDPAD.INI
2009-03-25 17:36 . 2009-04-11 16:10 <REP> d-------- i:\documents and settings\YVES\Application Data\XnView
2009-03-22 14:39 . 2009-03-22 14:39 <REP> d-------- i:\program files\Gif2swf
2009-03-22 14:39 . 1999-12-17 10:13 86,016 --a------ i:\windows\unvise32.exe
2009-03-22 12:50 . 2009-03-22 12:50 <REP> d-------- i:\program files\Aleo Software
2009-03-22 12:50 . 2009-03-22 12:50 <REP> d-------- i:\documents and settings\YVES\Application Data\Aleo Software
2009-03-22 12:36 . 2009-03-22 12:36 <REP> d-------- i:\program files\Convertor
2009-03-17 14:43 . 2009-03-17 14:43 <REP> d-------- I:\~QTWTMP.TMP
2009-03-16 20:33 . 2009-03-16 20:33 <REP> d-------- i:\documents and settings\All Users\Application Data\QuickTime
2009-03-16 20:28 . 2009-03-30 21:43 381 --a------ i:\windows\QTW.ini
2009-03-16 20:23 . 2009-03-30 21:44 <REP> d-------- i:\program files\Riven
2009-03-16 20:17 . 2009-03-16 20:17 <REP> d-------- i:\windows\BBSTORE
2009-03-16 20:08 . 2009-03-17 14:44 824 --a------ i:\windows\QT$INST$.~32
2009-03-16 20:08 . 2009-03-17 14:43 30 --a------ i:\windows\RESULT.QTW
2009-03-16 10:12 . 2009-03-16 10:12 <REP> d-------- i:\program files\Apowersoft
2009-03-16 10:12 . 2009-03-16 10:12 <REP> d-------- i:\documents and settings\All Users\Application Data\Apowersoft
2009-03-15 14:57 . 2009-03-15 14:57 <REP> d-------- i:\documents and settings\YVES\Application Data\Microsoft Games
2009-03-15 14:57 . 2009-03-15 14:57 <REP> d-------- i:\documents and settings\All Users\Application Data\Microsoft Games
2009-03-14 19:59 . 2009-03-14 19:59 <REP> d-------- i:\program files\VDOWNLOADER
2009-03-12 09:53 . 2009-03-12 09:53 <REP> d-------- i:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-11 18:49 . 2009-03-11 18:49 <REP> d-------- i:\program files\MSNImageText
2009-03-11 18:47 . 2009-03-11 18:47 <REP> d-------- i:\program files\MSN Reaper
2009-03-11 14:51 . 2009-04-02 19:34 <REP> d-------- i:\program files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 17:20 --------- d---a-w i:\documents and settings\All Users\Application Data\TEMP
2009-04-11 15:34 --------- d-----w i:\program files\Mozilla Thunderbird
2009-04-11 08:19 --------- d-----w i:\program files\LogMeIn
2009-04-10 08:08 --------- d-----w i:\program files\Lexmark X1100 Series
2009-04-04 11:52 --------- d-----w i:\documents and settings\YVES\Application Data\FileZilla
2009-04-03 20:25 --------- d-----w i:\documents and settings\YVES\Application Data\uTorrent
2009-04-03 15:24 --------- d--h--w i:\program files\InstallShield Installation Information
2009-04-03 14:12 --------- d-----w i:\program files\uTorrent
2009-04-03 10:09 --------- d-----w i:\program files\Microsoft Games
2009-04-01 20:05 --------- d-----w i:\documents and settings\YVES\Application Data\AdobeUM
2009-04-01 12:14 --------- d-----w i:\program files\PFConfig
2009-03-25 19:36 --------- d-----w i:\program files\ma-config.com
2009-03-25 19:36 --------- d-----w i:\documents and settings\All Users\Application Data\ma-config.com
2009-03-25 12:19 --------- d-----w i:\program files\Didapages
2009-03-22 07:59 --------- d-----w i:\documents and settings\All Users\Application Data\Google Updater
2009-03-10 17:08 --------- d-----w i:\documents and settings\All Users\Application Data\LogMeIn
2009-03-08 19:25 --------- d-----w i:\program files\GameSpy Arcade
2009-03-08 19:25 --------- d-----w i:\program files\Cooking Academy
2009-03-07 09:31 --------- d-----w i:\documents and settings\YVES\Application Data\SQLyog
2009-03-03 18:09 --------- d-----w i:\program files\Fichiers communs\ParallelGraphics
2009-03-02 20:19 --------- d-----w i:\program files\Architecte_3D_Silver_Advanced
2009-03-02 15:51 --------- d-----w i:\program files\DAEMON Tools
2009-03-02 15:48 682,232 ----a-w i:\windows\system32\drivers\sptd.sys
2009-03-02 15:01 --------- d-----w i:\program files\Atari
2009-03-02 14:04 --------- d-----w i:\program files\FindyKill
2009-03-01 16:22 --------- d-----w i:\program files\Windows Live
2009-03-01 16:22 --------- d-----w i:\program files\Microsoft Silverlight
2009-03-01 16:21 --------- d-----w i:\program files\Microsoft Sync Framework
2009-03-01 08:25 --------- d-----w i:\program files\Intel
2009-03-01 08:25 --------- d-----w i:\program files\directx
2009-02-27 17:21 --------- d-----w i:\program files\Windows Live SkyDrive
2009-02-27 17:21 --------- d-----w i:\program files\Microsoft
2009-02-27 17:16 --------- d-----w i:\program files\Fichiers communs\Windows Live
2009-02-27 14:54 --------- d-----w i:\program files\SQLyog Enterprise Trial
2009-02-27 14:52 --------- d-----w i:\documents and settings\All Users\Application Data\Webyog
2009-02-25 17:49 --------- d-----w i:\program files\PremiumSoft
2009-02-25 16:37 --------- d-----w i:\program files\No-IP
2009-02-24 20:33 --------- d-----w i:\program files\K!TV
2009-02-23 20:44 --------- d-----w i:\program files\Alwil Software
2009-02-23 17:55 --------- d-----w i:\program files\FreeCell Light
2009-02-23 15:01 57,867 ----a-w I:\mdelk.exe
2009-02-23 13:21 --------- d-----w i:\documents and settings\All Users\Application Data\G DATA
2009-02-23 13:16 68,296 ----a-w i:\windows\system32\drivers\GRD.sys
2009-02-23 13:13 --------- d-----w i:\program files\G DATA
2009-02-23 13:13 --------- d-----w i:\program files\Fichiers communs\G DATA
2009-02-23 09:45 --------- d-----w i:\program files\Panda Security
2009-02-23 07:44 --------- d-----w i:\program files\CCleaner
2009-02-23 07:37 --------- d-----w i:\program files\Iminent
2009-02-16 11:03 --------- d-----w i:\program files\PhotoFiltre
2009-02-15 21:05 --------- d-----w i:\program files\Pinnacle
2009-02-15 21:05 --------- d-----w i:\program files\MSXML 4.0
2009-02-15 20:57 --------- d-----w i:\documents and settings\All Users\Application Data\Pinnacle
2009-02-15 18:25 --------- d-----w i:\program files\Google
2009-02-13 17:44 --------- d-----w i:\program files\Zylom Games
2009-02-13 17:41 --------- d-----w i:\documents and settings\YVES\Application Data\Ancient Quest of Saqqarah__bfg
2009-02-13 17:36 --------- d-----w i:\documents and settings\YVES\Application Data\Saqqarah
2009-02-13 12:19 --------- d-----w i:\documents and settings\YVES\Application Data\Ancient Quest of Saqqarah__gamehouse
2009-02-13 12:11 --------- d-----w i:\documents and settings\YVES\Application Data\Zylom
2002-07-01 14:13 224 --sha-w i:\documents and settings\YVES\Application Data\maildriver32.dat
.

------- Sigcheck -------

2005-06-28 19:56 359808 77c0c5e7d6cfe2052b8cf28b8722f528 i:\windows\system32\drivers\tcpip.sys

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a i:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c i:\windows\Driver Cache\i386\ntoskrnl.exe
2005-06-16 00:00 2321152 bebb29fbd9c14448a7bc12204a362d9e i:\windows\system32\ntoskrnl.exe

2005-06-16 00:01 1036288 cc5b99af6247175a151b0cc4e71c7f58 i:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="i:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools"="i:\program files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"DownloadAccelerator"="i:\program files\DAP\DAP.EXE" [2008-12-18 3114496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="i:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="i:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"avast!"="i:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"LogMeIn GUI"="i:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"LogitechVideoRepair"="i:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="i:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2009-04-03 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 i:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="i:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="i:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 21:35 87352 i:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-12-18 17:56 3114496 i:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\G DATA AntiVirus Trayapplication]
--a------ 2009-02-23 20:00 996424 i:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-12-09 12:12 234856 i:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Metin2_France\\metin2.bin"=
"i:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"i:\\Program Files\\7-Zip\\7zFM.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Program Files\\Monte Cristo\\Fire Department 2\\Fire.exe"=
"i:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Program Files\\TightVNC\\WinVNC.exe"=
"i:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\RV House\\rv_house.exe"=
"i:\\WINDOWS\\system32\\dplaysvr.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\everest 1\\config\\zaap\\test\\Launcher.exe"=
"i:\\WINDOWS\\system32\\LEXPPS.EXE"=
"i:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"d:\\BAZARCESLAS\\serv\\core\\core mangos 3.0.9 final\\realmd.exe"=
"d:\\BAZARCESLAS\\serv\\core\\core mangos 3.0.9 final\\mangosd.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"i:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"i:\\Program Files\\PremierOpinion\\pmropn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37756:TCP"= 37756:TCP:emule
"40812:UDP"= 40812:UDP:eemul

R1 aswSP;avast! Self Protection;i:\windows\system32\drivers\aswSP.sys [2009-04-08 114768]
R1 GRD;G DATA Rootkit Detector Driver;i:\windows\system32\drivers\GRD.sys [2009-02-23 68296]
R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [2009-04-08 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;i:\program files\LogMeIn\x86\rainfo.sys [2007-09-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;i:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-10 47640]
R2 SeaPort;SeaPort;i:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;i:\windows\system32\drivers\3xHybrid.sys [2008-12-02 1121536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;i:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S0 pavboot;pavboot;i:\windows\system32\drivers\pavboot.sys --> i:\windows\system32\drivers\pavboot.sys [?]
S2 gupdate1c98f9a83811942;Service Google Update (gupdate1c98f9a83811942);i:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 Droppix Service;Droppix Service;i:\program files\Fichiers communs\Droppix\DxService.exe [2008-12-03 221184]
S3 maconfservice;Ma-Config Service;i:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3b1086-c513-11dd-b74a-a624a08d4999}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467e6f41-e08b-11dd-b793-0019214c0161}]
\Shell\AutoRun\command - M:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eaf1d58-d7fc-11dd-b784-0008d3300302}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905c2f36-fa74-11dd-b7be-0019214c0161}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-24 i:\windows\Tasks\Google Software Updater.job
- i:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 08:52]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - (no file)
HKCU-Run-PMCRemote - (no file)
MSConfigStartUp-Microsoft WinUpdate - i:\windows\system32\msupdte.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.babylon.com/home
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &Clean Traces - i:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - i:\program files\DAP\dapextie.htm
IE: Download &all with DAP - i:\program files\DAP\dapextie2.htm
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - i:\program files\Skyline\TerraExplorer\TerraExplorerX.dll
FF - ProfilePath - i:\documents and settings\YVES\Application Data\Mozilla\Firefox\Profiles\[u]0/u67baopd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: i:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: i:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: i:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: i:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: i:\documents and settings\YVES\Application Data\Mozilla\Firefox\Profiles\[u]0/u67baopd.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: i:\documents and settings\YVES\Application Data\Mozilla\Firefox\Profiles\[u]0/u67baopd.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: i:\documents and settings\YVES\Application Data\Mozilla\Firefox\Profiles\[u]0/u67baopd.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: i:\program files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: i:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: i:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: i:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 19:20:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E183DADE-E696-524A-E24A-36193F048FD8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhjmajeicebplkbbkhapliflcdeognakd"=hex:61,62,66,69,6c,6a,62,6b,6d,6c,6f,6d,
63,6e,70,70,64,6c,6b,63,64,61,6e,6f,65,68,65,70,6b,62,67,6a,6c,61,00,77
"bbhjmajeicebplkbbkabmjgabegcejekcgnh"=hex:61,62,61,69,6c,6b,65,64,6e,65,66,69,
66,6b,65,64,65,64,6d,6e,70,68,6f,68,61,6a,61,63,61,6f,70,6d,61,61,00,77

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,5d,3b,89,ae,1d,
77,a4,e4,e2,63,26,f1,3f,c8,ff,68,1a,af,67,9d,96,93,c1,bb,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8f,32,01,f5,41,
ee,c0,48,6a,9c,d6,61,af,45,84,18,f5,04,0a,af,6f,71,b6,e2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1d,91,e5,c0,3d,
33,31,c5,ff,7c,85,e0,43,d4,0e,fe,b9,ac,f6,e2,dd,63,e8,3b,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,ba,12,bf,52,33,
a0,c8,25,86,8c,21,01,be,91,eb,e7,41,42,c8,d2,f6,29,f8,3e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4d,ee,0c,85,b0,
9d,d7,10,f5,1d,4d,73,a8,13,5c,05,26,80,9e,4d,1d,a4,a3,89,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,90,22,b4,b3,fd,
df,95,2b,df,20,58,62,78,6b,cf,c8,12,49,92,89,8f,05,d2,bc,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,47,e3,de,57,e8,
d3,af,bb,fb,a7,78,e6,12,2f,9a,ea,51,43,d9,71,e6,0d,08,51,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,7e,9c,d7,f7,32,
ed,dd,aa,01,3a,48,fc,e8,04,4a,f1,af,8e,42,a5,5c,49,10,33,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,45,de,54,aa,7f,
d9,a8,cd,f6,0f,4e,58,98,5b,89,c9,c8,de,af,32,c3,00,0f,54,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ae,69,b7,93,84,
fc,f8,c1,3d,ce,ea,26,2d,45,aa,78,c2,16,1f,17,b3,16,ac,b8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,d7,8c,e0,77,ac,
8f,57,3e,2a,b7,cc,b5,b9,7f,41,e7,7a,87,4a,cd,ff,a5,af,83,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="i:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,37,8c,d6,1e,29,
47,a5,06,6c,43,2d,1e,aa,22,2f,9c,7e,81,be,25,20,cc,20,d3,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(968)
i:\windows\system32\Ati2evxx.dll
i:\windows\system32\LMIinit.dll
.
------------------------ Autres processus actifs ------------------------
.
i:\program files\Alwil Software\Avast4\aswUpdSv.exe
i:\program files\Alwil Software\Avast4\ashServ.exe
i:\windows\system32\LEXBCES.EXE
i:\windows\system32\LEXPPS.EXE
i:\windows\system32\netdde.exe
i:\windows\system32\dllhost.exe
i:\windows\system32\imapi.exe
i:\program files\Java\jre6\bin\jqs.exe
i:\program files\LogMeIn\x86\ramaint.exe
i:\program files\LogMeIn\x86\LogMeIn.exe
i:\program files\LogMeIn\x86\LMIGuardian.exe
i:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
i:\windows\system32\rundll32.exe
i:\program files\Lexmark X1100 Series\lxbkbmon.exe
i:\program files\LogMeIn\x86\LMIGuardian.exe
i:\windows\system32\LVComS.exe
i:\program files\Alwil Software\Avast4\ashMaiSv.exe
i:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2009-04-11 19:23:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-11 17:23:13

Avant-CF: 8 500 862 976 octets libres
Après-CF: 8,439,902,208 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

406

Youpi, maintenant j'ai le droit a Spynet.dll et avast protection résidente ne s elance plus . A l'aide !!

Bonjour Alsyia,

Désolé mais avec ce week-end de Pâques je n'ai pas pu te répondre avant.

Alors on y va :
> Télécharge ATF Cleaner par Atribune sur ton bureau.
- Démarre ATF-Cleaner et coche la dernière case nommé 'select all'.
- Clique sur <Empty Selected> et au message "Done Cleaning" sur <Ok>
NB : Si tu utilises Firefox ou Opera :
- Clique sur Firefox ou Opera en haut puis choisis <Select All>.
- Clique sur le bouton <Empty Selected> (NB : Si tu veux conserver tes mots de passe sauvegardés alors clique sur <No> à l'invite).
- Clique sur <Main> pour revenir à menu principal
- Clique sur <Exit>, du menu prinicipal, pour quitter ATFcleaner.
NB : Si le prefetch est nettoyé le redémarrage du PC sera plus lent.



Puis,
> Lance Hijackthis : (lien de téléchargement si besoin est).
- Puis sélectionne <Do a system scan only>
- Coche les cases des lignes suivantes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - (no file) 

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE     
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe     
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')     
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')     
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')     
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')     
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')     
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')     
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')     

O20 - Winlogon Notify: PremierOpinion - i:\program files\premieropinion\pmls.dll 

KILLALL::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"i:\\Program Files\\PremierOpinion\\pmropn.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PremierOpinion]      
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"=-
"PMCRemote"=-     
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"I:\Documents and Settings\YVES\Application Data\m\flec006.exe"=-
"I:\Program Files\PremierOpinion\pmropn.exe"=-
File::
i:\windows\_delis32.ini 
I:\~QTWTMP.TMP
I:\mdelk.exe     
i:\windows\system32\msupdte.exe 
I:\Documents and Settings\YVES\Application Data\m\flec006.exe
Folder::
i:\program files\PremierOpinion 
FileLook::
i:\windows\ic.ini     
Firefox::
FF - component: i:\program files\PremierOpinion\components\pmxg.dll 

Et où est le rapport Combo ?

Oui : passe ATFcleaner. Formatage en cours...3% Veuillez patienter. Merci.

Salut DllD,

- Plussoiement de ma part et si je pouvais en mettre 100, je ne me generais pas !

RRRrrrrrrhhhh !!!

- Bonne journée à toi !

..........

Un dernier détail , si j'ai fait des manip de mon côté , c'est parceque les virus , ca n'attends la fin des jours fériés.

Bonsoir :

zzêêêêêêêêêêennnnnn !!!!! G3и-н@¢км@и™©®

Zeeen alors que mon ordi est bourré de virus ? euh .. je veux bien essayer mais bon..

en étant un peu intelligent.