Ordinateur tres lent et internet expl bloque

salut

télécharge

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Vérifier si tout est coché et clic Supprimer la sélection

S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le rapport générer

Merci de ton aide,

alors voila j ai fait ce que tu m as dit ( c'était tres tres long... je ne sais pas si ca vient de mon ordi qui rame ou parce que j ai beaucoup de fichiers??)
Enfin voila le rapport, apparement il n a pas trouvé grand chose:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3823
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

04/03/2010 18:33:52
mbam-log-2010-03-04 (18-33-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 236566
Temps écoulé: 4 hour(s), 17 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Merci encore
Pat

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

Télécharge et installe List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe


Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

Merci
Alors voila le rapport demandé:

List'em by g3n-h@ckm@n 1.2.8.5

User : MU (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 20:49:00 | 04/03/2010
Contact : http://www.commentcamarche.net/forum/forum-7-virus-securite

Intel(R) Celeron(R) M CPU 430 @ 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local | 55,89 Go (8,63 Go free) [H06564FRP01] | NTFS
D:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\MU\Local Settings\Temp\17.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
TOSCDSPD REG_SZ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
SkyTel REG_SZ SkyTel.EXE
00THotkey REG_SZ C:\WINDOWS\system32\00THotkey.exe
000StTHK REG_SZ 000StTHK.exe
Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe
LtMoh REG_SZ C:\Program Files\ltmoh\Ltmoh.exe
AGRSMMSG REG_SZ AGRSMMSG.exe
TPSMain REG_SZ TPSMain.exe
TPSODDCtl REG_SZ TPSODDCtl.exe
ThpSrv REG_SZ thpsrv /logon
TFNF5 REG_SZ TFNF5.exe
SmoothView REG_SZ C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
TouchED REG_SZ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
TOSDCR REG_SZ TOSDCR.EXE
TMESRV.EXE REG_SZ C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
TMERzCtl.EXE REG_SZ C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
NDSTray.exe REG_SZ NDSTray.exe
TFncKy REG_SZ TFncKy.exe
TosHKCW.exe REG_SZ "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant REG_SZ C:\Program Files\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector] REG_SZ C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
CFSServ.exe REG_SZ CFSServ.exe -NoClient
MMTray REG_SZ "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
mmtask REG_SZ "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
eTCoreManager REG_SZ "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe"
eTMonitor REG_SZ "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe"
EverioService REG_SZ "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
Autoconfigurateur WiFi SFR REG_SZ "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ MU
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ MU
AltDefaultDomainName REG_SZ ADMINISTRATEUR
DefaultDomainName REG_SZ ADMINISTRATEUR
DefaultPassword REG_SZ
AutoAdminLogon REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
D:\BIN\WIN32\PLAYER.EXE REG_SZ D:\BIN\WIN32\PLAYER.EXE:*:Enabled:Macromedia Projector
C:\mcoinstall.exe REG_SZ C:\mcoinstall.exe:*:Enabled:mcoinstall
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Documents and Settings\MU\Mes documents\emule\eMule.exe REG_SZ C:\Documents and Settings\MU\Mes documents\emule\eMule.exe:*:Enabled:eMule
C:\Program Files\Microsoft ActiveSync\rapimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\EFORKWIN\W3dbsmgr.exe REG_SZ C:\EFORKWIN\W3dbsmgr.exe:*:Enabled:Database Service Manager
C:\TYPSoft FTP Server\ftpserv.exe REG_SZ C:\TYPSoft FTP Server\ftpserv.exe:*:Enabled:TYPSoft FTP Server
C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe REG_SZ C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe REG_SZ C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program
C:\Program Files\CyberLink\PowerDirector Express\PDX.exe REG_SZ C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express
C:\Documents and Settings\MU\Mes documents\mcoview.exe REG_SZ C:\Documents and Settings\MU\Mes documents\mcoview.exe:*:Enabled:mcoview
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{512663B9-A1FD-412E-9E4F-42B2B1DB189C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CE3409C4-9E26-4F8E-83E4-778498F9E7B4}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A08CFC50-C52A-4436-A625-2CD5BA77ADF6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A08CFC50-C52A-4436-A625-2CD5BA77ADF6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A08CFC50-C52A-4436-A625-2CD5BA77ADF6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.voila.fr/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\MU\Local Settings\Temp\17.tmp
## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\MU\Local Settings\Temp\17.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
55,89 Go total, 8,63 Go libre (15%), 20% fragment‚ (fragmentation du fichier 40%)

Vous devriez d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\~GLC0000.TMP
Present !! : C:\WINDOWS\~GLH0000.TMP
Present !! : C:\WINDOWS\~GLH0001.TMP
Present !! : C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\lvuvc.hs"
Present !! : C:\WINDOWS\xobglu16.dll
Present !! : C:\WINDOWS\xobglu32.dll
Present !! : C:\Documents and Settings\MU\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\MU\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_1310.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_13b4.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_1e0.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_630.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_878.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_91c.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_a28.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_b40.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_d08.dat
Present !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\catchme.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 21:04:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [16580]
? [18000]
? [30692]

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...


scan completed successfully
hidden processes: 3
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:52:02,07

Alors , tu penses que c'est grave ? Merci d'avance
Pat

▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta réponse

ensuite :

▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 6 = Restore MBR

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta réponse

alors le 1° rapporet:

Kill'em by g3n-h@ckm@n 1.2.8.5

User : MU (Administrateurs)
Update on 03/03/2010 by g3n-h@ckm@n ::::: 18.30
Start at: 22:19:08 | 04/03/2010
Contact : http://www.commentcamarche.net/forum/forum-7-virus-securite

Intel(R) Celeron(R) M CPU 430 @ 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local | 55,89 Go (8,62 Go free) [H06564FRP01] | NTFS
D:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\MU\Local Settings\Temp\48.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\WINDOWS\~GLC0000.TMP
Quarantined & Deleted !! : C:\WINDOWS\~GLH0000.TMP
Quarantined & Deleted !! : C:\WINDOWS\~GLH0001.TMP
Quarantined & Deleted !! : C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\lvuvc.hs
Quarantined & Deleted !! : C:\WINDOWS\xobglu16.dll
Quarantined & Deleted !! : C:\WINDOWS\xobglu32.dll
Quarantined & Deleted !! : C:\Documents and Settings\MU\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_1310.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_13b4.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_1e0.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_630.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_878.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_91c.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_a28.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_b40.dat
Quarantined & Deleted !! : C:\Documents and Settings\MU\LOCAL Settings\Temp\Perflib_Perfdata_d08.dat
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc100.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc101.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc102.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc103.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc104.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc105.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc106.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc45.exe
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc46.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc47.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc48.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc49.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc50.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc51.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc52.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc53.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc54.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc55.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc56.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc57.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc58.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc59.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc60.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc61.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc62.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc63.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc64.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc65.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc66.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc67.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc68.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc69.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc70.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc71.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc72.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc73.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc74.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc75.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc76.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc77.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc78.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc79.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc80.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc81.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc82.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc83.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc84.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc85.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc86.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc87.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc88.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc89.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc90.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc91.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc92.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc93.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc94.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc95.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc96.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc97.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc98.JPG
Deleted !! : C:\RECYCLER\S-1-5-21-1603951586-2850574897-1791980801-1005\Dc99.JPG

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


le 2°:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Voila
Pat

Télécharge UsbFix de C_XX & Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur "UsbFix.exe" présent sur ton bureau ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 )

• Choisis l'option F pour français et tape sur [entrée] .

• Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

• Laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Ci joint le rapport:


############################## | UsbFix V6.098 |

User : MU (Administrateurs) # ADMINISTRATEUR
Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:01:16 | 05/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) M CPU 430 @ 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local # 55,89 Go (9,1 Go free) [H06564FRP01] # NTFS
D:\ -> Disque CD-ROM

################## | Elements infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{7ea3da68-5304-11dd-a653-0015b7055d58}
Shell\AutoRun\command =E:\AutoRunCardDetector.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.098 ! |


Merci
Pat

Suppression

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe......) susceptibles d'avoir été infectés sans les ouvrir

(1) Double clic sur le raccourci UsbFix présent sur ton bureau

(2) Choisi l option 2 ( Suppression )

Ton bureau disparaitra et le pc redémarrera .

Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )