Trojan generic [Résolu]

slt,



Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Bonjour et merci
Désolée, je suis une vraie blonde néophyte......mais je fais de mon mieux : est-ce ça ?


Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 28 GB (28%) free of 100 GB
Total RAM: 2046 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:40, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dieh.exe
C:\WINDOWS\system32\nefnby.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\windows-kb890830-v2.10.exe virus.exe
d:\0822e4ce68e486d5cf\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\WindowsXP-KB958644-x86-FRA.exe
d:\9300d5f9d45f07e095a930a9\update\update.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\RSIT.exe trojan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Nathalie.exe
C:\WINDOWS\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [Windows Layer] nefnby.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\dieh.exe
O4 - HKLM\..\Run: [12886094] C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\12886094.exe
O4 - HKLM\..\Run: [92896086] C:\Documents and Settings\All Users.WINDOWS\Application Data\92896086\92896086.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [Windows Layer] nefnby.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Layer] nefnby.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MYS Mutex Algorithm Service - Unknown owner - C:\WINDOWS\system\mysmas.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

c'est bon :)





Télécharge et install UsbFix de C_XX & Chiquitine29

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisis l'option 1 ( Recherche )

# Laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

et comment je branche tout ça sans les ouvrir ?

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:55:33 | 18/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090518-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (27,09 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (109,46 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dieh.exe
C:\WINDOWS\system32\nefnby.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="go.microsoft.com/fwlink/?LinkId=69157"
HKCU_Main: "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nathalie"
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows UDP Control Center=msnmsgrss.exe
HKLM_Run: Windows Layer=nefnby.exe
HKLM_Run: PromoReg=C:\WINDOWS\system32\dieh.exe
HKLM_Run: 12886094=C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\12886094.exe
HKLM_Run: 92896086=C:\Documents and Settings\All Users.WINDOWS\Application Data\92896086\92896086.exe
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKLM_Rserv: Windows Layer=nefnby.exe
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Windows Layer=nefnby.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\drivers\sysdrv32.sys

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "PromoReg"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windows UDP Control Center"
Found ! HKLM\SYSTEM\CurrentControlSet\Services\sysdrv32
Found ! HKLM\SYSTEM\ControlSet001\Services\sysdrv32
Found ! HKLM\SYSTEM\ControlSet002\Services\sysdrv32
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{6d8cc73c-01a0-11de-beb1-0011117a16b5}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{6d8cc73c-01a0-11de-beb1-0011117a16b5}\Shell\AutoRun\Command

################## [ ! Fin du rapport # UsbFix V3.021 ! ]

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )




puis



scanne avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php




puis remets un rapport RSIT et dis tes soucis

a plus

re.......

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 23:59:04 | 18/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090518-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (28,07 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,84 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[18/05/2009 23:56|--a------|668] - C:\aaw7boot.log
[17/05/2009 17:22|--a------|145959] - C:\abaca.exe
[03/04/2008 16:17|--a------|0] - C:\AUTOEXEC.BAT
[06/05/2009 12:43|---hs----|216] - C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
[06/01/2009 22:11|--a------|74] - C:\CMLoader.log
[03/04/2008 16:17|--a------|0] - C:\CONFIG.SYS
[01/01/2009 22:59|--a------|345373] - C:\CTSUFile.txt
[17/05/2009 23:26|--a------|2056] - C:\elast.exe
[31/12/2008 01:13|--a------|16] - C:\h.txt
[12/07/2008 14:20|--a------|164] - C:\install.dat
[03/04/2008 16:17|-rahs----|0] - C:\IO.SYS
[17/05/2009 17:21|--a------|77312] - C:\lats.exe
[12/05/2008 00:31|--a------|4639] - C:\MP4debug.log
[03/04/2008 16:17|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[20/09/2008 14:42|--ah-----|268] - C:\sqmdata00.sqm
[12/11/2008 18:20|--ah-----|268] - C:\sqmdata01.sqm
[26/11/2008 21:10|--ah-----|232] - C:\sqmdata02.sqm
[20/09/2008 14:42|--ah-----|244] - C:\sqmnoopt00.sqm
[12/11/2008 18:20|--ah-----|244] - C:\sqmnoopt01.sqm
[26/11/2008 21:10|--ah-----|244] - C:\sqmnoopt02.sqm
[31/10/2005 17:56|--a------|700416] - C:\StubInstaller.exe
[01/03/2009 17:49|--a------|0] - C:\Tech_Vista.log
[17/05/2009 16:33|--a------|5489] - C:\tra.exe
[19/05/2009 00:01|--a------|4376] - C:\UsbFix.txt

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.021 ! ]

Version de la base de données: 2149
Windows 5.1.2600 Service Pack 3

19/05/2009 01:52:22
mbam-log-2009-05-19 (01-52-22).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 330901
Temps écoulé: 1 hour(s), 26 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.Systemsecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MYS Mutex Algorithm Service (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MYS Mutex Algorithm Service (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MYS Mutex Algorithm Service (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12886094 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92896086 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Layer (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\92896086 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\12886094.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\12886094.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\pc12886094cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\12886094\pc12886094ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\92896086\92896086.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1AEC70C8-C43B-47EA-AE64-ED132540020F}\RP11\A0009947.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\BrowsingEnhancer.dat (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\pcre3.dll (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingEnhancer\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Bureau\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathalie\Bureau\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nefnby.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msnmsgrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

############################## [ UsbFix V3.021 # Scan ]

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 01:57:44 | 19/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090518-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (27,93 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,84 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nathalie"
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows Layer=nefnby.exe
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Windows Layer=nefnby.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.021 ! ]

Bonjour........

Hé bien la machine est apaisée.... (moi avec !), tout semble être rentré dans l'ordre....Un grand MERCI à mon Robin des bois de l'informatique....Vraiment !!!
Nathalie

vire ce qui est en quarantaine dans malwarebyte


_______________

analyse ce fichier sur virus total et colle le rapport: http://www.virustotal.com/fr/

C:\abaca.exe


_________________

remets un rapport RSIT pour verifier ton pc

Bonjour,

J'ai ouvert virus total....selectionné analyse qui s'est surligné en bleu, et depuis j'attends.....cela fait plus de 3 heures......Normal ????

Hé bien avant que je n'ai un flash de reflexion suite à la lenteur du truc, ça a pris du temps !!!!


Fichier mopqyd.exe reçu le 2009.05.18 16:29:47 (CET)
Situation actuelle: terminé

Résultat: 3/40 (7.50%)
Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.18 -
AhnLab-V3 5.0.0.2 2009.05.18 -
AntiVir 7.9.0.168 2009.05.18 -
Antiy-AVL 2.0.3.1 2009.05.18 -
Authentium 5.1.2.4 2009.05.17 -
Avast 4.8.1335.0 2009.05.17 -
AVG 8.5.0.336 2009.05.18 -
BitDefender 7.2 2009.05.18 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.18 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.18 -
eSafe 7.0.17.0 2009.05.18 -
eTrust-Vet 31.6.6508 2009.05.16 -
F-Prot 4.4.4.56 2009.05.17 -
F-Secure 8.0.14470.0 2009.05.18 -
Fortinet 3.117.0.0 2009.05.18 -
GData 19 2009.05.18 -
Ikarus T3.1.1.49.0 2009.05.18 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.18 -
McAfee 5618 2009.05.17 -
McAfee+Artemis 5618 2009.05.17 -
McAfee-GW-Edition 6.7.6 2009.05.18 -
Microsoft 1.4602 2009.05.18 VirTool:Win32/CeeInject.gen!Q
NOD32 4083 2009.05.18 a variant of Win32/Injector.OO
Norman 6.01.05 2009.05.16 -
nProtect 2009.1.8.0 2009.05.18 -
Panda 10.0.0.14 2009.05.18 -
PCTools 4.4.2.0 2009.05.18 -
Prevx 3.0 2009.05.18 Medium Risk Malware
Rising 21.30.04.00 2009.05.18 -
Sophos 4.41.0 2009.05.18 -
Sunbelt 3.2.1858.2 2009.05.17 -
Symantec 1.4.4.12 2009.05.18 -
TheHacker 6.3.4.1.326 2009.05.18 -
TrendMicro 8.950.0.1092 2009.05.18 -
VBA32 3.12.10.5 2009.05.18 -
ViRobot 2009.5.18.1739 2009.05.18 -
VirusBuster 4.6.5.0 2009.05.18 -
Information additionnelle
File size: 145959 bytes
MD5...: 0139a7026e76e6abe3803ec2af9d3c32
SHA1..: 4a0b5f5a78e33e44845fc264a025575b3ecc313a
SHA256: dd12d2b96c255447445ce7a898b9c6b598a1d19c06efd4d48d85fbe48344343a
SHA512: 6b74f9061ff4f523611c2f64f65364bdfff7553ee77d3948dd999a2fc91a5480
c6a54320748408da3c073d3417393b8e990e03181a5cbddc889eaad53913e8b1
ssdeep: 3072:D5hcEnHi4Zn7MWAxNIm1EJHiU/q8hzWhaN6SpRQTgjcKA8mNata:vcqHie1
m1EJHW8ViaLRXN+ga

PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.4%)
Generic Win/DOS Executable (33.2%)
DOS Executable Generic (33.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22e1
timedatestamp.....: 0x4a100fd4 (Sun May 17 13:23:32 2009)
machinetype.......: 0x14c (I386)



( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14fa 0x1600 5.91 d3961b54be108ba5898d1efb76522deb
.rdata 0x3000 0x140 0x200 2.98 16647c7f68b9c27fc22d6919e7d9aba5
.data 0x4000 0x325c 0x3200 5.96 97d6cc99213121182b2c0dcd3a985a48
.rsrc 0x8000 0x1090 0x1200 3.57 ce47a898cc96608babb9509da23b080a

( 2 imports )
> KERNEL32.dll: GlobalAlloc, GetProcAddress, GetModuleHandleA, LoadLibraryA, GetCommandLineA, GetTickCount
> MSVCRT.dll: realloc, strstr, srand, rand

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
http://info.prevx.com/...

############################## [ UsbFix V3.021 # Scan ]

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 16:19:25 | 19/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090518-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (27,95 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,84 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cujqgz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows Layer=cujqgz.exe
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKLM_Rserv: Windows Layer=cujqgz.exe
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Windows Layer=cujqgz.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.021 ! ]

J'ai refait un Malwarebytes. voici le rapport : (je l'ai viré !)


19/05/2009 17:55:35
mbam-log-2009-05-19 (17-55-35).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 316086
Temps écoulé: 1 hour(s), 25 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Layer (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\cujqgz.exe (Backdoor.Bot) -> Delete on reboot.

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)


_________________

télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)

:processes
explorer.exe
:files
C:\abaca.exe
C:\WINDOWS\system32\cujqgz.exe
:commands
[purity]
[emptytemp]
[start explorer]

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.


_______________________



Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.


envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr pour faire evoluer msnfix


__________________


remets un rapport RSIT comme déjà demandé pour etre sur qu'il ne reste rien!!!

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : Nathalie ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 17.0.1367 (Activated)
Firewall : Pare-feu personnel Trend Micro 5.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:42 Go)
D:\ (Local Disk) - NTFS - Total:135 Go (Free:110 Go)
E:\ (CD or DVD)
F:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 19/05/2009|22:24 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F88488D.pf

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Nathalie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(pierre-elie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.google.com"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\NATHAL~1.NAT\Mes documents\Ma musique\Gta Grand Theft Auto San Andreas Jeux Pc Complet Fr Avec Crack Cadeau Argent Juin 2005.iso



1 - "C:\ToolBar SD\TB_1.txt" - 19/05/2009|22:27 - Option : [2]

-----------\\ Fin du rapport a 22:27:09,71

ok fais le reste

et ceci a virer aussi:


C:\DOCUME~1\NATHAL~1.NAT\Mes documents\Ma musique\Gta Grand Theft Auto San Andreas Jeux Pc Complet Fr Avec Crack Cadeau Argent Juin 2005.iso

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\abaca.exe moved successfully.
File/Folder C:\WINDOWS\system32\cujqgz.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\5qy+mIxEJMZWhtVKUq7Ra9nD2FZw= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\k2Pd5D2aA6TaeUBcwkZ2+mdEA20= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\rLbfQrmlXH4Xh48XWlwZU2+ZoM0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC5C0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC639.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCBD0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCC44.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCD88.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCDFA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\QHNINJ6V\home[1].aspx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\affich-12513420-trojan-generic[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\im[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ADSAdClient31[2].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\default[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\mymsn[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ToastFull[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ToastMini[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_708.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b04.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_223004

Files moved on Reboot...
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\5qy+mIxEJMZWhtVKUq7Ra9nD2FZw= moved successfully.
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\k2Pd5D2aA6TaeUBcwkZ2+mdEA20= moved successfully.
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\rLbfQrmlXH4Xh48XWlwZU2+ZoM0= moved successfully.
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC5C0.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC639.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCBD0.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCC44.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCD88.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFCDFA.tmp not found!
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\QHNINJ6V\home[1].aspx not found!
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\affich-12513420-trojan-generic[2].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\im[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\6H7ZOGYH\MsgrConfig[1].asmx moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ADSAdClient31[2].txt moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\default[2].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\MsgrConfig[1].asmx moved successfully.
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\mymsn[1].html not found!
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ToastFull[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\2ENKSRA0\ToastMini[1].htm moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_708.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_b04.dat not found!

winchat.exe
WinFXDocObj.exe
winhlp32.exe
winlogon.exe
winmine.exe
winmsd.exe
winspool.exe
winver.exe