
TRAVAILLEZ PLUS.COM VIRUS

Last reply on 12 Jun 2009 at 20:16:32 ramito, 12 Jun 2009 at 18:59:07

Hello,
My PC has been infected by the travaillez plus.com virus

I ran HijackThis and the result is:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\7a1946fba2b8886ae6be37be6d51ae57\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [STANDARD] .vbe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

I fixed the keys:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

but they reappear every time. I read in other similar threads that you have to download SDfix, but I don't know what to do with it!!
Any help would be appreciated, thanks!!

Configuration: Windows XP
Firefox 3.0.11
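
The HijackThis log above contains an F2 entry whose Userinit value chains `wscript.exe ... antinul.vbe` after `userinit.exe`, an O4 autostart entry ending in `.vbe`, and an O7 policy entry. The following is an added example, not part of the original post or of HijackThis, showing one way to flag those three entry types automatically; the function names are hypothetical and the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log in the post above (soft hyphens removed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [STANDARD] .vbe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Windows Script Host binaries or script file extensions inside a command line.
SCRIPT_RE = re.compile(
    r"(?i)\b(?:wscript|cscript)(?:\.exe)?\b|\.(?:vbe|vbs|jse|js|wsf)\b"
)


def extra_userinit_commands(body):
    """Return every command in a Userinit value other than userinit.exe itself.

    Winlogon runs each comma-separated program in Userinit at logon, so
    anything listed besides userinit.exe is a logon persistence point.
    """
    m = re.match(r"(?i)REG:system\.ini: UserInit=(.*)", body)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith(r"\userinit.exe")]


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            for cmd in extra_userinit_commands(body):
                findings.append((code, "extra command chained to Userinit", cmd))
        elif code == "O4" and SCRIPT_RE.search(body):
            findings.append((code, "autostart entry runs a script", body))
        elif code == "O7":
            findings.append((code, "policy restriction on system tools", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
```
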

1

jlpjlp, 12 Jun 2009 at 19:00:26
  • +1

Hi,


Download and install UsbFix by C_XX & Chiquitine29

Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 ( Recherche )

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


2

ramito, 12 Jun 2009 at 19:04:15

Here is the UsbFix report,


############################## [ UsbFix V3.030 | Scan ]

# User : Administrateur (Administrateurs) # STANDARD
# Update on 12/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:02:52 | 12/06/2009

# Mobile AMD Sempron(tm) Processor 2800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 39,06 Go (11,96 Go free) # NTFS
# D:\ # Disque fixe local # 35,46 Go (35,39 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1016,12 Mo (248 Mo free) # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.google.com"
HKCU_Main: "Start Page"="Travaillez plus.com"
HKCU_Main: "Window Title"="Au travail !Arrêtez de surfer!"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
HKLM_Run: SiS Windows KeyHook=C:\WINDOWS\system32\keyhook.exe
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
HKLM_Run: AOLSAV=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
HKLM_Run: AOLDialer=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
HKLM_Run: AdobeVersionCue=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
HKLM_Run: Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\antinul.vbe
Found ! C:\WINDOWS\system32\setting.ini
F:\autorun.inf # -> fichier appelé : "F:\wscript.exe .\.vbs" ( absent ! )
Found ! F:\antinul.vbe
Found ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System "DisableRegistryTools" ( 0x1 )

################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.030 ! ]


3

jlpjlp, 12 Jun 2009 at 19:16:37
  • +1

Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 ( Suppression )

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that appears along with the desktop.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

_______________________


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by andom/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit


4

ramito, 12 Jun 2009 at 19:42:15

Here is the UsbFix report after the repair:


############################## [ UsbFix V3.030 | Cleaning ]

# User : Administrateur (Administrateurs) # STANDARD
# Update on 12/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:30:20 | 12/06/2009

# Mobile AMD Sempron(tm) Processor 2800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090611-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque fixe local # 39,06 Go (11,87 Go free) # NTFS
# D:\ # Disque fixe local # 35,46 Go (35,39 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 1016,12 Mo (247,98 Mo free) # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

(!) Not Deleted ! C:\WINDOWS\system32\antinul.vbe
Deleted ! C:\WINDOWS\system32\setting.ini
F:\autorun.inf # -> fichier appelé : "F:\wscript.exe .\.vbs" ( absent ! )
Deleted ! F:\antinul.vbe
Deleted ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride" # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools" # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[17/11/2007 11:04|--a------|0] - C:\AUTOEXEC.BAT
[17/11/2007 10:57|---hs----|212] - C:\boot.ini
[28/09/2001 15:00|-rahs----|4952] - C:\Bootfont.bin
[07/03/2009 21:00|--a------|1951] - C:\Bug.txt
[17/11/2007 11:04|--a------|0] - C:\CONFIG.SYS
[17/11/2007 11:36|--a------|1257] - C:\FSC-DeskUpdate.txt
[17/11/2007 11:04|-rahs----|0] - C:\IO.SYS
[25/11/2007 09:38|--ah-----|1584] - C:\IPH.PH
[17/11/2007 11:04|-rahs----|0] - C:\MSDOS.SYS
[03/08/2004 23:38|-rahs----|47564] - C:\NTDETECT.COM
[12/06/2009 18:38|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[08/01/2009 23:44|--a------|225] - C:\Sans titre.stu
[12/06/2009 18:44|--a------|251225] - C:\scancode.txt
[30/11/2007 10:11|--a------|1277] - C:\temp.log
[12/06/2009 19:31|--a------|6566] - C:\UsbFix.txt
[11/06/2009 11:18|--a------|825856] - F:\Rap_11 juin.doc
[14/04/2009 21:12|--a------|2034710] - F:\bensaci_belkaid_scan07.pdf
[14/04/2009 20:54|--a------|438708] - F:\Bensaci_Belkaid_Ascaad.pdf
[31/05/2009 12:56|--a------|118272] - F:\article1symboles et architecture des idées mystiques.doc
[12/06/2009 19:08|-r-hs----|10000] - F:\.vbs
[12/06/2009 15:26|--a------|4640762] - F:\présentation journée doct 2009.pptx

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.030 ! ]

______________________________________________________

and here are the two other reports:

info.txt logfile of random's system information tool 1.06 2009-06-12 19:41:20

======Uninstall list======

-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
-->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
-->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0DAEA5-826C-4A76-B176-56959B99D3F0}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x40c -uninst
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Creative Suite-->C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ahead Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AOL (France)-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
AOL Auto-diagnostic-->C:\Program Files\TechCity Solutions\AOLSAV\uninstall.exe
AOL Coach Version 1.0(Build:20040229.1 fr)-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COM.HERA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\COM_HERA\COMHERA\Uninst.isu"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Ecran de veille AOL Photos-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 920c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 920c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=920c -huninstall
iMove ActiveX Control-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\iMove\ActiveX Control\AXCTRL.isu"
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPhoto Plus 4-->C:\WINDOWS\unin040c.exe -f"C:\WIN32APP\iPhoto Plus 4\DeIsL1.isu"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Maison 3D-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TLC-Edusoft\Maison 3D\UninstMa3D.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de connectivité AOL-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{015D937D-9D52-45A4-BDAA-2413938C0564} /l1033
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8203.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8203.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
QuickTime Alternative 1.75-->"C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem0.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x40c
Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Starware Toolbar Musique-->C:\Program Files\Starware370\Starware370Uninstall.exe
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UsbFix-->C:\UsbFix\Uninstal.exe
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Policies\Explorer\Run: [STANDARD] .vbe [2009-06-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer! [2009-06-12]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-06-12]
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file) [2009-06-12]
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL') [2009-06-12]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com [2009-06-12]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12]
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU') [2009-06-12]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com [2009-06-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer! [2009-06-12]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-06-12]

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090611-0]

======System event log======

Computer Name: STANDARD
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 25523
Source Name: Cdrom
Time Written: 20090405201148.000000+120
Event Type: erreur
User:

Computer Name: STANDARD
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 25522
Source Name: Cdrom
Time Written: 20090405201148.000000+120
Event Type: erreur
User:

Computer Name: STANDARD
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 25521
Source Name: Cdrom
Time Written: 20090405201147.000000+120
Event Type: erreur
User:

Computer Name: STANDARD
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 25520
Source Name: Cdrom
Time Written: 20090405201146.000000+120
Event Type: erreur
User:

Computer Name: STANDARD
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 25519
Source Name: Cdrom
Time Written: 20090405201145.000000+120
Event Type: erreur
User:

=====Application event log=====

Computer Name: STANDARD
Event Code: 1000
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1482
Source Name: LoadPerf
Time Written: 20080430114142.000000+120
Event Type: Informations
User:

Computer Name: STANDARD
Event Code: 1001
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.
Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
et les dernières entrées du registre d'aide.

Record Number: 1481
Source Name: LoadPerf
Time Written: 20080430114140.000000+120
Event Type: Informations
User:

Computer Name: STANDARD
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1480
Source Name: SecurityCenter
Time Written: 20080430113637.000000+120
Event Type: Informations
User:

Computer Name: STANDARD
Event Code: 1
Message:
Record Number: 1479
Source Name: AVGEMS
Time Written: 20080430113637.000000+120
Event Type: Informations
User:

Computer Name: STANDARD
Event Code: 1
Message:
Record Number: 1478
Source Name: Avg7UpdSvc
Time Written: 20080430113636.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

And the second one:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-06-12 19:41:05
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 13 GB (33%) free of 40 GB
Total RAM: 479 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:16, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
End of file - 8256 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-11-27 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 385024]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2007-11-27 757760]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-08 32768]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-07 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-07 536576]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-29 196608]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"AOLSAV"=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe [2004-04-26 75776]
"AOLDialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [2004-04-08 496752]
"AdobeVersionCue"=C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-22 1732608]
""= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-28 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk - C:\Program Files\AOL Compagnon\companion.exe
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
"NoFolderOptions"=0
"NoFind"=0
"NoRun"=0
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-06-12 19:41:05 ----D---- C:\rsit
2009-06-12 19:31:40 ----RASHD---- C:\autorun.inf
2009-06-12 19:30:07 ----A---- C:\UsbFix.txt
2009-06-12 19:14:10 ----D---- C:\WINDOWS\Prefetch
2009-06-12 19:13:59 ----D---- C:\Program Files\xerox
2009-06-12 19:13:58 ----D---- C:\WINDOWS\system32\xircom
2009-06-12 19:13:57 ----D---- C:\Program Files\netmeeting
2009-06-12 19:13:57 ----D---- C:\Program Files\microsoft frontpage
2009-06-12 19:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-12 19:01:56 ----D---- C:\UsbFix
2009-06-12 18:59:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-06-12 18:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 18:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-12 18:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-12 18:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-06-12 18:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 18:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-12 18:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-12 18:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-06-12 18:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-12 18:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-12 18:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-06-12 18:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-12 18:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-12 18:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-06-12 18:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-12 18:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-06-12 18:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-06-12 18:56:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-12 18:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-12 18:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-12 18:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-06-12 18:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-12 18:55:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-12 18:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-06-12 18:55:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-12 18:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-12 18:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-12 18:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-12 18:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-06-12 18:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-12 18:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-12 18:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-12 18:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-12 18:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-06-12 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-12 18:49:06 ----D---- C:\Program Files\Messenger
2009-06-12 18:48:22 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-12 18:48:19 ----D---- C:\Program Files\msn
2009-06-12 18:48:17 ----D---- C:\WINDOWS\system32\fr
2009-06-12 18:48:17 ----D---- C:\WINDOWS\l2schemas
2009-06-12 18:48:16 ----D---- C:\WINDOWS\system32\bits
2009-06-12 18:44:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-12 18:41:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-06-12 18:41:25 ----D---- C:\Program Files\Alwil Software
2009-06-12 18:39:18 ----D---- C:\WINDOWS\network diagnostic
2009-06-12 18:35:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-12 18:31:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2009-06-12 17:41:09 ----D---- C:\Program Files\Trend Micro
2009-06-12 17:37:57 ----D---- C:\Program Files\CCleaner
2009-06-12 17:37:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-06-12 17:37:19 ----D---- C:\Program Files\Mozilla Firefox
2009-06-09 21:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-06-09 21:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969897_0$
2009-06-09 21:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-09 21:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-06-09 21:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-06-08 22:00:40 ----SHD---- C:\WINDOWS\ftpcache
2009-05-24 17:46:53 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-05-24 17:46:44 ----D---- C:\coktel

======List of files/folders modified in the last 1 months======

2009-06-12 19:35:12 ----D---- C:\WINDOWS\Temp
2009-06-12 19:34:57 ----SHD---- C:\RECYCLER
2009-06-12 19:30:29 ----D---- C:\WINDOWS\system32
2009-06-12 19:30:11 ----D---- C:\WINDOWS
2009-06-12 19:30:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-12 19:29:25 ----D---- C:\WINDOWS\system32\config
2009-06-12 19:28:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 19:19:43 ----A---- C:\WINDOWS\win.ini
2009-06-12 19:19:23 ----D---- C:\Program Files\AOL 9.0a
2009-06-12 19:18:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-12 19:16:17 ----SHD---- C:\WINDOWS\Installer
2009-06-12 19:16:05 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-12 19:13:59 ----D---- C:\WINDOWS\system32\wbem
2009-06-12 19:13:59 ----D---- C:\Program Files
2009-06-12 19:13:58 ----D---- C:\WINDOWS\ime
2009-06-12 19:13:54 ----A---- C:\WINDOWS\setuplog.txt
2009-06-12 19:12:54 ----D---- C:\WINDOWS\system32\Setup
2009-06-12 19:12:54 ----D---- C:\WINDOWS\AppPatch
2009-06-12 19:12:51 ----RSD---- C:\WINDOWS\Fonts
2009-06-12 19:12:41 ----D---- C:\WINDOWS\system32\drivers
2009-06-12 19:10:29 ----D---- C:\WINDOWS\WinSxS
2009-06-12 19:10:27 ----HD---- C:\WINDOWS\inf
2009-06-12 19:10:23 ----D---- C:\WINDOWS\system32\DllCache
2009-06-12 19:10:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-12 18:59:07 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 18:53:37 ----D---- C:\WINDOWS\security
2009-06-12 18:49:07 ----D---- C:\Program Files\Windows Media Player
2009-06-12 18:49:05 ----D---- C:\WINDOWS\Help
2009-06-12 18:48:51 ----D---- C:\WINDOWS\ehome
2009-06-12 18:48:49 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-12 18:48:22 ----D---- C:\WINDOWS\system32\usmt
2009-06-12 18:48:19 ----D---- C:\Program Files\Internet Explorer
2009-06-12 18:48:16 ----D---- C:\WINDOWS\PeerNet
2009-06-12 18:48:16 ----D---- C:\Program Files\Movie Maker
2009-06-12 18:44:19 ----A---- C:\scancode.txt
2009-06-12 18:43:55 ----D---- C:\WINDOWS\system32\Restore
2009-06-12 18:43:55 ----D---- C:\WINDOWS\system32\npp
2009-06-12 18:43:54 ----D---- C:\WINDOWS\msagent
2009-06-12 18:43:52 ----D---- C:\WINDOWS\srchasst
2009-06-12 18:43:51 ----D---- C:\WINDOWS\system32\Com
2009-06-12 18:43:47 ----D---- C:\Program Files\Windows NT
2009-06-12 18:43:47 ----D---- C:\Program Files\Outlook Express
2009-06-12 18:43:41 ----D---- C:\Program Files\Fichiers communs\System
2009-06-12 18:43:12 ----D---- C:\WINDOWS\system32\oobe
2009-06-12 18:43:09 ----D---- C:\WINDOWS\system
2009-06-12 11:35:54 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
2009-06-09 21:52:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-08 22:25:24 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-30 21:13:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-22 11:16:08 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-03-04 11776]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-11-24 8552]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-02-12 191092]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2004-01-28 6100]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-28 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-12-16 221736]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-04 243200]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-12-16 548888]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-12-16 39348]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-07 182688]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-12-16 1301704]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-12-16 167352]
S3 SiS300i;SiS300i; C:\WINDOWS\system32\DRIVERS\sis300ip.sys [2001-08-17 101760]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-12-16 86512]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-12-16 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-22 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-09-13 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


jlpjlp, 12 Jun 2009 at 20:16:32

Scan with Malwarebytes: run a thorough scan, paste the report you get, and remove what is found:


http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

_________________

Update Internet Explorer.
For XP:
http://download.microsoft.com/...

For Vista:
http://download.microsoft.com/...

_____________

Update Adobe Reader, then remove the old versions via the Control Panel:
http://www.adobe.com/fr/products/reader/

Or switch to an alternative reader such as Foxit Reader, which will avoid the viruses circulating via PDFs (do not install the Foxit, Ask, eBay... toolbars):

http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader


_____________



Paste the report from an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky online:
http://webscanner.kaspersky.fr/
