
Restriction in effect

Last reply on 21 Apr 2009 at 10:18:51
antoinelaw, 20 Apr 2009 at 04:39:00

Hello everyone, I have a small problem with my PC.

- In my Start menu, I can no longer access the "Run" item...
- I cannot do a System Restore... (message1)
- My applications launch more slowly...
- In My Computer, under the "Tools" menu, I no longer see the "Folder Options" submenu
- I try to launch "Enterprise Manager" of SQL Server 2000... (message1)
- I try to open a directory on "C:\" from my address bar... (Message2)

*Message1: "cette opération a été annulée en raison de restrictions en vigueur sur cet ordinateur. Contacter votre administrateur système."

*Message2:"L'accès à la ressource C:\le_repertoire_a_ouvrir n'est plus autorisé"

I suspect a virus that appears as a directory named "nomUtilisateur_Fichier" whose contents are the same as those of "MesDocuments". Every time I plug in my USB key and run a scan, if my user account is "toto", my Avast detects it with this report:
Nom du fichier: toto_Fichier.exe
Nom du logiciel malveillant: Win32:Delf-JJX[Wrm]
Type e logiciel malveillant: Virus/Ver

When I scan "MesDocuments" I find "MesDocoments.exe" as a virus.

I delete them, but it is the same scenario at the next startup (for "mesDocuments.exe") or at the next plug-in (for the USB key with "NomUtilisateur.exe").

A thousand thanks to everyone who gives me a little of their time...

Configuration: Centrino Windows XP SP3
Firefox 3.0.9


1

Chiquitine29, 20 Apr 2009 at 04:51:39
  • +1

Hi,

Download random's system information tool (RSIT) and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt. See you later.


2

antoinelaw, 20 Apr 2009 at 05:19:35

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tony at 2009-04-20 03:27:19
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 15 GB (39%) free of 40 GB
Total RAM: 495 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:36, on 20/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\Tony\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Tony\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Tony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Programme d'assistance de Microsoft Web Test Recorder 9.0 - {E31CE47F-C268-41ba-897B-B415E613947D} - c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NT_Authority] C:\Documents and Settings\Tony\Application Data\smss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Tony/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
End of file - 9076 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-01-02 365960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E31CE47F-C268-41ba-897B-B415E613947D}]
Programme d'assistance de Microsoft Web Test Recorder 9.0 - c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-11-09 64088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-01-02 365960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-08-12 552960]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"NT_Authority"=C:\Documents and Settings\Tony\Application Data\smss.exe [2008-08-13 509952]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Tony\Menu Démarrer\Programmes\Démarrage
Dos Optimizer.pif

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\bandoo\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1
"NoFolderOptions"=1
"NoRun"=1
"NoFind"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\wamp\Apache2\bin\httpd.exe"="C:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}]
shell\AutoRun\command - H:\abk.bat
shell\explore\command - H:\abk.bat
shell\open\command - H:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f2997f6-dc0f-11dd-9e65-0013ce912e9a}]
shell\AutoRun\command - G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe
shell\open\command - G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f299813-dc0f-11dd-9e65-0013ce912e9a}]
shell\AutoRun\command - G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe
shell\open\command - G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb6b11c9-c456-11dd-9e44-0013ce912e9a}]
shell\AutoRun\command - G:\ncyrf.bat
shell\explore\command - G:\ncyrf.bat
shell\open\command - G:\ncyrf.bat


======File associations======

.reg - open - "regedit.exe" "%1"
.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-04-20 03:24:18 ----A---- C:\Documents and Settings\Tony\Application Data\Forum CCM - édition du message - Mozilla Firefox.exe
2009-04-20 03:22:48 ----A---- C:\Documents and Settings\Tony\Application Data\log - Bloc-notes.exe
2009-04-20 03:15:49 ----D---- C:\Program Files\trend micro
2009-04-20 03:15:44 ----DC---- C:\rsit
2009-04-20 03:12:18 ----A---- C:\Documents and Settings\Tony\Application Data\Restriction en vigueur - Mozilla Firefox.exe
2009-04-20 02:58:08 ----A---- C:\Documents and Settings\Tony\Application Data\Lecteur Windows Media.exe
2009-04-20 02:47:11 ----A---- C:\Documents and Settings\Tony\Application Data\Restriction d'accès (Résolu) - Mozilla Firefox.exe
2009-04-20 02:45:41 ----A---- C:\Documents and Settings\Tony\Application Data\retriction en vigueur - Recherche Google - Mozilla Firefox.exe
2009-04-20 02:39:41 ----A---- C:\Documents and Settings\Tony\Application Data\Confirmation d'ajout de message - Mozilla Firefox.exe
2009-04-20 01:48:37 ----A---- C:\Documents and Settings\Tony\Application Data\Profil de antoinelaw - Mozilla Firefox.exe
2009-04-20 01:47:07 ----A---- C:\Documents and Settings\Tony\Application Data\Forum d'assistance informatique - Mozilla Firefox.exe
2009-04-20 01:45:37 ----A---- C:\Documents and Settings\Tony\Application Data\Compte CommentCaMarche de antoinelaw - Mozilla Firefox.exe
2009-04-20 01:43:55 ----A---- C:\Documents and Settings\Tony\Application Data\Spam (4) - 'Yahoo! Mail' - Mozilla Firefox.exe
2009-04-20 01:40:55 ----A---- C:\Documents and Settings\Tony\Application Data\J'ai des virus - Mozilla Firefox.exe
2009-04-20 01:33:22 ----A---- C:\Documents and Settings\Tony\Application Data\[Restriction en vigueur] - Mozilla Firefox.exe
2009-04-20 01:28:52 ----A---- C:\Documents and Settings\Tony\Application Data\Inscription à CommentCaMarche.net - Mozilla Firefox.exe
2009-04-20 01:22:52 ----A---- C:\Documents and Settings\Tony\Application Data\virus+mesdocuments.exe+Contacter votre administrateur system - Recherche Google - Mozilla Firefox.exe
2009-04-20 01:16:52 ----A---- C:\Documents and Settings\Tony\Application Data\View Programs in Startup Group.exe
2009-04-20 01:15:21 ----A---- C:\Documents and Settings\Tony\Application Data\Anti-Virus and Trojan V7.00.exe
2009-04-20 01:12:21 ----A---- C:\Documents and Settings\Tony\Application Data\Laoav Explorer Version 1.5.exe
2009-04-20 01:10:51 ----A---- C:\Documents and Settings\Tony\Application Data\antivirus.exe
2009-04-20 01:01:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-04-20 00:57:30 ----A---- C:\WINDOWS\system32\insrepim.exe
2009-04-20 00:56:09 ----A---- C:\WINDOWS\system32\mdt2fw95.dll
2009-04-20 00:53:48 ----D---- C:\WINDOWS\LastGood
2009-04-20 00:52:50 ----RASH---- C:\Documents and Settings\Tony\Application Data\Type d'installation.exe
2009-04-20 00:51:20 ----RASH---- C:\Documents and Settings\Tony\Application Data\KEY - Bloc-notes.exe
2009-04-20 00:49:51 ----A---- C:\Documents and Settings\Tony\Application Data\Developer Edition.exe
2009-04-20 00:46:42 ----RASH---- C:\Documents and Settings\Tony\Application Data\Propriétés de Affichage.exe
2009-04-20 00:42:07 ----A---- C:\Documents and Settings\Tony\Application Data\smss.exe
2009-04-20 00:42:06 ----RASH---- C:\Documents and Settings\Tony\Application Data\svchost.exe
2009-04-20 00:42:01 ----RASH---- C:\Documents and Settings\Tony\Application Data\Application Data.exe
2009-04-20 00:34:50 ----A---- C:\Documents and Settings\Tony\Application Data\Mises à jour automatiques.exe
2009-04-20 00:33:20 ----A---- C:\Documents and Settings\Tony\Application Data\Suppression... (avec TuneUp Shredder).exe
2009-04-20 00:33:17 ----RASH---- C:\Documents and Settings\Tony\Application Data\Confirmer la suppression des fichiers avec TuneUp Shredder.exe
2009-04-20 00:32:08 ----A---- C:\Documents and Settings\Tony\Application Data\Erreur.exe
2009-04-20 00:31:50 ----A---- C:\Documents and Settings\Tony\Application Data\INSTALL.exe
2009-04-20 00:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-20 00:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-20 00:22:47 ----RASH---- C:\Documents and Settings\Tony\Application Data\TuneUp RegistryCleaner.exe
2009-04-20 00:20:07 ----A---- C:\Documents and Settings\Tony\Application Data\TuneUp Utilities.exe
2009-04-20 00:19:46 ----RASH---- C:\Documents and Settings\Tony\Application Data\Menu automatique SQL Server.exe
2009-04-20 00:18:36 ----A---- C:\Documents and Settings\Tony\Application Data\Binn.exe
2009-04-20 00:13:46 ----RASH---- C:\Documents and Settings\Tony\Application Data\Panneau de configuration.exe
2009-04-20 00:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-20 00:11:05 ----A---- C:\Documents and Settings\Tony\Application Data\Bienvenue....exe
2009-04-20 00:10:45 ----RASH---- C:\Documents and Settings\Tony\Application Data\Installation.exe
2009-04-20 00:07:44 ----RASH---- C:\Documents and Settings\Tony\Application Data\Menu Démarrer.exe
2009-04-19 22:15:13 ----RASH---- C:\Documents and Settings\Tony\Application Data\Suppression des programmes de votre système.exe
2009-04-19 22:10:43 ----RASH---- C:\Documents and Settings\Tony\Application Data\Ajouter ou supprimer des programmes.exe
2009-04-19 22:06:26 ----A---- C:\Documents and Settings\Tony\Application Data\Mozilla Firefox.exe
2009-04-19 22:06:12 ----RASH---- C:\Documents and Settings\Tony\Application Data\Google - Mozilla Firefox.exe
2009-04-19 22:04:41 ----RASH---- C:\Documents and Settings\Tony\Application Data\Program Manager.exe
2009-04-19 22:01:40 ----RASH---- C:\Documents and Settings\Tony\Application Data\Analyseur de requêtes SQL.exe
2009-04-19 22:00:25 ----A---- C:\Documents and Settings\Tony\Application Data\Microsoft SQL Server.exe
2009-04-19 22:00:15 ----A---- C:\Documents and Settings\Tony\Application Data\Program Files.exe
2009-04-19 22:00:09 ----RASH---- C:\Documents and Settings\Tony\Application Data\Poste de travail.exe
2009-04-19 21:55:53 ----A---- C:\Documents and Settings\Tony\Application Data\Explorateur Windows.exe
2009-04-19 21:55:44 ----A---- C:\Documents and Settings\Tony\Application Data\Data.exe
2009-04-19 21:55:38 ----RASH---- C:\Documents and Settings\Tony\Application Data\MSSQL.exe
2009-04-19 21:52:50 ----A---- C:\Documents and Settings\Tony\Application Data\Confirmation de la suppression du fichier.exe
2009-04-19 21:51:19 ----A---- C:\Documents and Settings\Tony\Application Data\GAS1.exe
2009-04-19 21:48:06 ----RASH---- C:\Documents and Settings\Tony\Application Data\État de Connexion réseau sans fil.exe
2009-04-19 21:39:05 ----RASH---- C:\Documents and Settings\Tony\Application Data\avast! - Avertissement.exe
2009-04-19 21:09:10 ----A---- C:\Documents and Settings\Tony\Application Data\.exe
2009-04-19 20:42:01 ----RASH---- C:\Documents and Settings\Tony\Application Data\avast! Scanner rapide.exe
2009-04-17 23:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 23:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 23:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-10 13:01:59 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2009-04-10 11:20:30 ----D---- C:\Program Files\IVT Corporation
2009-04-09 18:34:34 ----D---- C:\Program Files\AskBarDis
2009-04-09 18:29:16 ----D---- C:\Documents and Settings\Tony\Application Data\Paltalk
2009-04-09 17:50:33 ----D---- C:\Program Files\EtiketaGoGo
2009-04-09 17:15:40 ----D---- C:\Program Files\Dactylo
2009-04-08 09:52:10 ----D---- C:\Program Files\IIS Resources
2009-04-07 18:50:59 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-07 11:37:25 ----D---- C:\Documents and Settings\Tony\Application Data\U3

======List of files/folders modified in the last 1 months======

2009-04-20 03:26:30 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-04-20 03:15:49 ----RD---- C:\Program Files
2009-04-20 01:15:46 ----HD---- C:\WINDOWS\inf
2009-04-20 01:15:24 ----D---- C:\WINDOWS\Temp
2009-04-20 01:14:54 ----D---- C:\WINDOWS\Prefetch
2009-04-20 01:02:26 ----D---- C:\WINDOWS
2009-04-20 01:01:51 ----D---- C:\WINDOWS\system32
2009-04-20 00:54:36 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-04-20 00:53:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 00:42:40 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-20 00:38:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 00:36:28 ----D---- C:\WINDOWS\system32\wbem
2009-04-20 00:26:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-20 00:26:27 ----A---- C:\WINDOWS\imsins.BAK
2009-04-20 00:23:07 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-20 00:23:06 ----D---- C:\Program Files\Internet Explorer
2009-04-20 00:22:05 ----D---- C:\WINDOWS\ie7updates
2009-04-20 00:12:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-20 00:12:09 ----SHD---- C:\WINDOWS\Installer
2009-04-20 00:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-18 10:40:00 ----D---- C:\WINDOWS\AppPatch
2009-04-16 09:26:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-13 09:47:45 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-13 09:41:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-13 09:40:28 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 10:53:07 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-04-10 14:17:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-10 12:08:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-10 08:27:29 ----D---- C:\Program Files\Microsoft SQL Server
2009-04-10 08:15:41 ----RSD---- C:\WINDOWS\assembly
2009-04-10 08:15:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-10 06:49:23 ----D---- C:\WINDOWS\Registration
2009-04-08 20:47:52 ----D---- C:\WINDOWS\system32\config
2009-04-08 20:45:57 ----D---- C:\MSS
2009-04-08 20:45:53 ----D---- C:\WINDOWS\system32\1033
2009-04-08 20:45:28 ----D---- C:\Program Files\Microsoft.NET
2009-04-08 20:35:18 ----D---- C:\WINDOWS\system32\Restore
2009-04-08 17:44:20 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-08 17:43:16 ----D---- C:\Program Files\Microsoft Office
2009-04-08 09:50:35 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-08 03:44:55 ----SD---- C:\Documents and Settings\Tony\Application Data\Microsoft
2009-04-07 19:58:26 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-04-07 19:57:46 ----D---- C:\WINDOWS\twain_32
2009-04-07 19:04:27 ----A---- C:\WINDOWS\win.ini
2009-04-06 14:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-05 17:02:50 ----RD---- C:\WINDOWS\Web
2009-04-05 17:02:49 ----HD---- C:\WINDOWS\ShellNew
2009-04-05 17:02:22 ----D---- C:\Mes Sites Web
2009-04-05 17:02:21 ----D---- C:\wamp
2009-04-05 14:50:15 ----D---- C:\Program Files\Windows Media Player
2009-04-05 14:50:12 ----D---- C:\Program Files\Voice Trap
2009-04-05 14:49:49 ----D---- C:\Program Files\Messenger
2009-04-05 14:49:48 ----D---- C:\Program Files\Launchy
2009-04-05 14:49:47 ----D---- C:\Program Files\FlashGet
2009-04-05 14:49:45 ----D---- C:\Program Files\DivX
2009-04-03 05:45:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-21 14:07:58 ----A---- C:\WINDOWS\system32\kernel32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-03-04 79424]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432]
S1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 CCDECODE;Décodeur sous-titre fearmé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;Appareil BlackBerry; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH9080;MegaCam(PID_9080_00); C:\WINDOWS\System32\Drivers\Capt9080.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VSPerfDrv90;Performance Tools Driver 9.0; \??\C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Tony\LOCALS~1\Temp\mc21.tmp []
S4 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2009-02-18 1484736]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [2006-08-22 32768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-26 152984]
R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe [2000-08-23 7442493]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15872]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 InterBaseServer;InterBase Server; C:\Program Files\Borland\InterBase\bin\ibserver.exe [2006-08-22 1769472]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe [2000-08-06 303170]
S3 wampapache;wampapache; c:\wamp\apache2\bin\httpd.exe [2007-01-10 20539]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 5730304]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-08 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


3

Chiquitine29, 20 Apr 2009 at 06:37:41

Hi again, sorry for the delay,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:





:processes
explorer.exe

:files
C:\Documents and Settings\Tony\Application Data\antivirus.exe
C:\Documents and Settings\Tony\Application Data\Forum CCM - édition du message - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\log - Bloc-notes.exe
C:\Documents and Settings\Tony\Application Data\Restriction en vigueur - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Lecteur Windows Media.exe
C:\Documents and Settings\Tony\Application Data\Restriction d'accès (Résolu) - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\retriction en vigueur - Recherche Google - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Confirmation d'ajout de message - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Profil de antoinelaw - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Forum d'assistance informatique - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Compte CommentCaMarche de antoinelaw - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Spam (4) - 'Yahoo! Mail' - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\J'ai des virus - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\[Restriction en vigueur] - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Inscription à CommentCaMarche.net - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\virus+mesdocuments.exe+Contacter votre administrateur system - Recherche Google - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\View Programs in Startup Group.exe
C:\Documents and Settings\Tony\Application Data\Anti-Virus and Trojan V7.00.exe
C:\Documents and Settings\Tony\Application Data\Laoav Explorer Version 1.5.exe
C:\Documents and Settings\Tony\Application Data\Type d'installation.exe
C:\Documents and Settings\Tony\Application Data\KEY - Bloc-notes.exe
C:\Documents and Settings\Tony\Application Data\Developer Edition.exe
C:\Documents and Settings\Tony\Application Data\Propriétés de Affichage.exe
C:\Documents and Settings\Tony\Application Data\smss.exe
C:\Documents and Settings\Tony\Application Data\svchost.exe
C:\Documents and Settings\Tony\Application Data\Application Data.exe
C:\Documents and Settings\Tony\Application Data\Mises à jour automatiques.exe
C:\Documents and Settings\Tony\Application Data\Suppression... (avec TuneUp Shredder).exe
C:\Documents and Settings\Tony\Application Data\Confirmer la suppression des fichiers avec TuneUp Shredder.exe
C:\Documents and Settings\Tony\Application Data\Erreur.exe
C:\Documents and Settings\Tony\Application Data\INSTALL.exe
C:\Documents and Settings\Tony\Application Data\Menu automatique SQL Server.exe
C:\Documents and Settings\Tony\Application Data\Binn.exe
C:\Documents and Settings\Tony\Application Data\Panneau de configuration.exe
C:\Documents and Settings\Tony\Application Data\Bienvenue....exe
C:\Documents and Settings\Tony\Application Data\Installation.exe
C:\Documents and Settings\Tony\Application Data\Menu Démarrer.exe
C:\Documents and Settings\Tony\Application Data\Suppression des programmes de votre système.exe
C:\Documents and Settings\Tony\Application Data\Ajouter ou supprimer des programmes.exe
C:\Documents and Settings\Tony\Application Data\Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Google - Mozilla Firefox.exe
C:\Documents and Settings\Tony\Application Data\Program Manager.exe
C:\Documents and Settings\Tony\Application Data\Analyseur de requêtes SQL.exe
C:\Documents and Settings\Tony\Application Data\Microsoft SQL Server.exe
C:\Documents and Settings\Tony\Application Data\Program Files.exe
C:\Documents and Settings\Tony\Application Data\Poste de travail.exe
C:\Documents and Settings\Tony\Application Data\Explorateur Windows.exe
C:\Documents and Settings\Tony\Application Data\Data.exe
C:\Documents and Settings\Tony\Application Data\MSSQL.exe
C:\Documents and Settings\Tony\Application Data\Confirmation de la suppression du fichier.exe
C:\Documents and Settings\Tony\Application Data\GAS1.exe
C:\Documents and Settings\Tony\Application Data\État de Connexion réseau sans fil.exe
C:\Documents and Settings\Tony\Application Data\avast! - Avertissement.exe
C:\Documents and Settings\Tony\Application Data\.exe
C:\Documents and Settings\Tony\Application Data\avast! Scanner rapide.exe
G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe
G:\ncyrf.bat
H:\abk.bat

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NT_Authority"=-

:commands
[emptytemp]
[reboot]




---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
See you,


4

antoinelaw, 20 Apr 2009 at 09:24:58

I would just like to know whether OTMoveIt3 won't delete the directories and executables that are in the list...


5

antoinelaw, 20 Apr 2009 at 09:51:22

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Tony\Application Data\antivirus.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Forum CCM - édition du message - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\log - Bloc-notes.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Restriction en vigueur - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Lecteur Windows Media.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Restriction d'accès (Résolu) - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\retriction en vigueur - Recherche Google - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Confirmation d'ajout de message - Mozilla Firefox.exe moved successfully.
File/Folder C:\Documents and Settings\Tony\Application Data\Profil de antoinelaw - Mozilla Firefox.exe not found.
C:\Documents and Settings\Tony\Application Data\Forum d'assistance informatique - Mozilla Firefox.exe moved successfully.
File/Folder C:\Documents and Settings\Tony\Application Data\Compte CommentCaMarche de antoinelaw - Mozilla Firefox.exe not found.
C:\Documents and Settings\Tony\Application Data\Spam (4) - 'Yahoo! Mail' - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\J'ai des virus - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\[Restriction en vigueur] - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Inscription à CommentCaMarche.net - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\virus+mesdocuments.exe+Contacter votre administrateur system - Recherche Google - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\View Programs in Startup Group.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Anti-Virus and Trojan V7.00.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Laoav Explorer Version 1.5.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Type d'installation.exe moved successfully.
File/Folder C:\Documents and Settings\Tony\Application Data\KEY - Bloc-notes.exe not found.
C:\Documents and Settings\Tony\Application Data\Developer Edition.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Propriétés de Affichage.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\smss.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\svchost.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Application Data.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Mises à jour automatiques.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Suppression... (avec TuneUp Shredder).exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Confirmer la suppression des fichiers avec TuneUp Shredder.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Erreur.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\INSTALL.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Menu automatique SQL Server.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Binn.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Panneau de configuration.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Bienvenue....exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Installation.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Menu Démarrer.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Suppression des programmes de votre système.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Ajouter ou supprimer des programmes.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Google - Mozilla Firefox.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Program Manager.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Analyseur de requêtes SQL.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Microsoft SQL Server.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Program Files.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Poste de travail.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Explorateur Windows.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Data.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\MSSQL.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\Confirmation de la suppression du fichier.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\GAS1.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\État de Connexion réseau sans fil.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\avast! - Avertissement.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\.exe moved successfully.
C:\Documents and Settings\Tony\Application Data\avast! Scanner rapide.exe moved successfully.
File/Folder G:\RECYCLER\S-1-6-21-6129016431-0312943124-490191164-4243\fileview.exe not found.
File/Folder G:\ncyrf.bat not found.
File/Folder H:\abk.bat not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NT_Authority deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\etilqs_uKNqFu9cjan8zDpTgcal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_780.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c44.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04202009_073648

Files moved on Reboot...
File C:\DOCUME~1\Tony\LOCALS~1\Temp\etilqs_uKNqFu9cjan8zDpTgcal not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_780.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_c44.dat not found!
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\0ap8ak95.default\XUL.mfl moved successfully.


6

Chiquitine29, 20 Apr 2009 at 09:53:21
  • +1

Download and install UsbFix

Plug your external storage devices into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Recherche / Search)

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
See you,


7

antoinelaw, 20 Apr 2009 at 12:03:52

############################## [ UsbFix V3.010 ]

# User : Tony (Administrateurs) # ANTOINE
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 09:15:01 | 20/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Pentium(R) M processor 1.70GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.15 [ Enabled | (!) Outdated ]
# AV : avast! antivirus 4.8.1296 [VPS 090419-0] 4.8.1296 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # 39,06 Go (15,08 Go free) # NTFS
# D:\ # Disque fixe local # 19,53 Go (1,26 Go free) [SAUVEGARDE] # NTFS
# E:\ # Disque fixe local # 15,93 Go (15,85 Go free) [RECUPERATION] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 1,87 Go (1,87 Go free) [ANTOINEL] # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tony\Application Data\svchost.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Tony\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.msn.fr/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Tony"
HKLM_logon: "AltDefaultUserName"="Tony"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: SMSERIAL=sm56hlpr.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: AlcWzrd=ALCWZRD.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: NT_Authority=C:\Documents and Settings\Tony\Application Data\svchost.exe

################## [ Informations ]


# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! "C:\WINDOWS\system32\Sexy Girls.scr"

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{9f2997f6-dc0f-11dd-9e65-0013ce912e9a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9f2997f6-dc0f-11dd-9e65-0013ce912e9a}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{9f299813-dc0f-11dd-9e65-0013ce912e9a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9f299813-dc0f-11dd-9e65-0013ce912e9a}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{fb6b11c9-c456-11dd-9e44-0013ce912e9a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{fb6b11c9-c456-11dd-9e44-0013ce912e9a}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{fb6b11c9-c456-11dd-9e44-0013ce912e9a}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

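The UsbFix report above still lists a `svchost.exe` running from the user's Application Data folder, an `HKCU_Run` value pointing at it, a `.pif` in the Startup folder and cached `Shell\AutoRun\command` keys under MountPoints2. As an added example (not part of the thread and not UsbFix's own logic), this script triages a report in that layout; the tag names, the `SYSTEM_IMAGES` table and the function names are assumptions of the sketch, and the sample lines are copied from the report.

```python
import ntpath  # Windows path handling that works on any OS
import re

# Excerpt of the UsbFix report posted above (lines copied from the page).
REPORT = r"""
############################## [ Processus actifs ]

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tony\Application Data\svchost.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\Tony\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif

################## [ Registre # Startup ]

HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: NT_Authority=C:\Documents and Settings\Tony\Application Data\svchost.exe

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5c75cae0-e3a7-11dd-9e6d-0013ce912e9a}\Shell\open\Command
"""

# Assumption of this sketch: where these Windows XP images normally live.
SYSTEM_IMAGES = {
    "svchost.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

SECTION_RE = re.compile(r"^#{5,}\s*\[\s*(.+?)\s*\]\s*$")
RUN_RE = re.compile(r"^(HK(?:CU|LM)_Run):\s*([^=]*)=(.*)$")
# First executable-looking token of a Run value, with or without quotes.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|pif|scr|bat|com))\b', re.I)
MOUNT_RE = re.compile(
    r"MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command$", re.I)
USER_WRITABLE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\",
    re.I)


def classify(path, source):
    """Return the list of tags that make one path worth a closer look."""
    tags = []
    norm = ntpath.normpath(path)
    directory, name = ntpath.split(norm.lower())
    expected = SYSTEM_IMAGES.get(name)
    # A bare file name (no directory) is resolved via PATH, so skip it here.
    if expected and directory and directory != expected:
        tags.append("system-name-outside-system-dir")
    if source.endswith("_Run") and USER_WRITABLE_RE.search(norm):
        tags.append("autorun-from-user-profile")
    if name.endswith((".pif", ".scr")):
        tags.append("legacy-executable-extension")
    return tags


def analyze(report):
    """Walk the report section by section; return (source, item, tags)."""
    section, results = None, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        run = RUN_RE.match(line)
        if run:
            exe = EXE_RE.match(run.group(3).strip())
            if not exe:
                continue  # empty or non-executable value
            source, path = run.group(1), exe.group(1)
        elif section == "Processus actifs":
            source, path = "process", line
        else:
            mount = MOUNT_RE.search(line)
            if mount:  # autorun command cached for a removable volume
                results.append(("MountPoints2", mount.group(1),
                                ["cached-autorun-command"]))
            continue
        tags = classify(path, source)
        if tags:
            results.append((source, path, tags))
    return results


if __name__ == "__main__":
    for source, item, tags in analyze(REPORT):
        print(f"{source:13} {', '.join(tags):55} {item}")
```
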

8

Chiquitine29, 20 Apr 2009 at 12:07:44

Plug your external storage devices into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 (Suppression / Removal)

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that appears along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you,


9

antoinelaw, 21 Apr 2009 at 10:18:51

Very good, Chiquitine29!
- "Run" is back in the Start menu
- "Folder Options" is back too
- When I press Ctrl+Alt+Del, Task Manager appears too, which was not the case before

But:

- The "restriction en vigueur....." ("restrictions in effect") message remains for now
- When I scanned my system, "mesdocuments.exe" was detected

I have shut the computer down for now; I will restart it to see whether anything has changed. I'll let you know how it goes;
otherwise I plan to repair the system to see whether the message goes away.

I improvised step 3 of UsbFix
