Problème virus Winupgro.exe [Résolu]

############################## | FindyKill V5.038 |

# User : mss (Administrateurs) # NOM-8FC0C0A046C
# Update on 15/03/2010 by El Desaparecido
# Start at: 20:49:05 | 18/04/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
# FW : BitDefender Pare-feu[ Enabled ]13.0.20

# C:\ # Disque fixe local # 64,73 Go (3,9 Go free) # NTFS
# D:\ # Disque fixe local # 43,14 Go (19,42 Go free) [DATA] # FAT32
# E:\ # Disque CD-ROM

################## | Eléments infectieux |

C:\Documents and Settings\mss\Application Data\drivers
C:\Documents and Settings\mss\Application Data\drivers\downld
C:\Documents and Settings\mss\Application Data\drivers\winupgro.exe

################## | Registre |

[HKCU\Software\bisoft]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\bisoft]
[HKCU\Software\Local AppWizard-Generated Applications\key_generator]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Local AppWizard-Generated Applications\key_generator]
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.038 ! |

Mais ce logiciel findykill est-il fiable? Car avant meme de demander de l'aide ici, en lancant la fonction "recherche" sur mon ordinateur et en tapant "winupgro" j'ai trouvé un fichier winupgro.exe dans un dossier se nommant justement "Fyk" que j'ai supprimé car je ne savais pas ce que c'était. Et je n'avais pas encore installé Findykill.... Là je viens de regarder: pareil. Dans ce logiciel findykill il y a un fichier winupgro... louche.

n'y a-t-il pas un moyen de supprimer le virus "manuellement" à partir du moment ou je sais ou il est? J'ai pensé au mode sans échec mais est-ce sans risque ? Et la restauration de systeme pourrait-elle marcher selon vous? Merci d'avance.

d'accord. Mais alors juste 3 questions avant que je le fasse:
La plus importante: Pourquoi est ce que dans mon dossier findykill j'ai un fichier qui se prénomme WinupGro??
2: est ce que lancer une restauration du systeme ne serait pas plus simple?
3: j'ai lu sur d'autres forums qu'apparement findykill fait restaurer enmode sans échec mais qu'aussi il été arriver a plusieurs personnes de se retrouver coincées dans ce mode sans échec et Findykill ne supprimait pas le virus... :S est ce vrai?

et encore une question: puisque findykill fait redémarrer l'ordi en mode sans echec, je peux le faire aussi par moi même en appuyant sur la touche F8 puisque je sais où se trouve le virus non?

ok bon bah alors option deux mais si findykill lance mon ordi en MSE j'espere que celà va fonctionner meme si tu me dis que je ne peux plu le démarrer en MSE.. :S :S

pourquoi veux tu qu'il redémarre en MSE ?

Ui c'est vrai que je n'en sais rien en fait , c'est ce que j'ai lu sur d'autre forums qui est arrivé à d'autres personnes. Mais effectivement là j'ai pas le choix mon MSE n'est plus fonctionnel, la resto ne servirait à rien ... Donc je vais lancé l'option 2. En fait j'ai du mal a faire confiance à des applis/logiciels, quand ceci est deja là cause de mon virus (en l'occurence ici le téléchargement d'un logiciel crack) Je préfère la suppression manuelle. Mais là manuellement je n'y arrive pas donc je vais tenté ça,merci. Je reviens ici quand c'est fait.

vas y en confiance

nous sommes toute une équipe ici qui ne faisons que ca , on arrivera bien à t'aider à nous tous
(sourire)

C'est encore melodiane, je me suis connecté d'un autre ordinateur car j'aiun soucis: le scan s'est stoppé. Il est depuis 20 bonnes minutes sur un fichier et pourtant c'est un fichier tout simple (une image). Je voudrais savoir comment l'arreter du coup? Je pense que de toute faço le virus est dejà supprimer car s'il s'y prend dans l'ordre alphabétique il a dejà passé le dossier documents and settings où est situé le virus. Donc comment le stopper pr attérir sur mon bureau sans pour autant annulé ce qui a été fait? Merci d'avance

Je fais un petit up, help, je sais pas quoi faire avec mon ordinateur il est toujours bloqué sur la meme chose (analyse d'un fichier,le meme depuis tout a l'heure)

j'ai oublié de préciser le nom du fichier sur lequel il bloque excusez-moi:
C:\ProgramFiles\OpenOffice.org3\Basis\share\config\images_classic.zip

J'ai finalement cliqué sur ctrl Alt suppr pour arréter le scan. J'ai ensuite relancé une recherche (option 1 sur findykill) . Voilà le rapport:


############################## | FindyKill V5.038 |

# User : mss (Administrateurs) # NOM-8FC0C0A046C
# Update on 15/03/2010 by El Desaparecido
# Start at: 00:14:05 | 19/04/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
# FW : BitDefender Pare-feu[ Enabled ]13.0.20

# C:\ # Disque fixe local # 64,73 Go (3,91 Go free) # NTFS
# D:\ # Disque fixe local # 43,14 Go (19,42 Go free) [DATA] # FAT32
# E:\ # Disque CD-ROM

################## | Eléments infectieux |


################## | Registre |

[HKCU\Software\bisoft]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\bisoft]
[HKCU\Software\Local AppWizard-Generated Applications\key_generator]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Local AppWizard-Generated Applications\key_generator]
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.038 ! |


Je ne suis pas très douée pour l'informatique mais il me semble que le virus a été supprimé. Cependant il y a une chose qui me gene toujours: le mode sans echec est encore marqué comme non fonctionnel,comment ça se fait? Est ce que celà veut tout simplement dire qu'actuellement je ne suis pas en MSE?
Que faire maintenant de findykill? Je le désinstalle? (car ce fichier winupgro à l'intérieur du dossier findykill me perturbe quand meme... Je n'aime pas voir ce nom il me sors par les yeux! ^^ )

ah, meme sans éléments infectés? Bon bah je vais recommencer... En éspérant qu'il ne se coince pas à nouveau sur un fichier.

il y a encore des éléments infectés

si ca coince dis le on fera autrement

effectivement ça coince encore sur le meme fichier. Mince je croyais en etre débarassé... -_-'

List'em by g3n-h@ckm@n 1.7.1.3

User : mss (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 21:00:31 | 19/04/2010
Today it's my birthday !!! :^)
Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
FW : BitDefender Pare-feu[ Enabled ]13.0.20

C:\ -> Disque fixe local | 64,73 Go (3,73 Go free) | NTFS
D:\ -> Disque fixe local | 43,14 Go (19,42 Go free) [DATA] | FAT32
E:\ -> Disque CD-ROM

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\DllHost.exe
c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
drvsyskit REG_SZ C:\Documents and Settings\mss\Application Data\drivers\winupgro.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HControl REG_SZ C:\WINDOWS\ATK0100\HControl.exe
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
SMSERIAL REG_SZ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PowerForPhone REG_SZ C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
ASUS Live Update REG_SZ C:\Program Files\ASUS\ASUS Live Update\ALU.exe
CognizanceTS REG_SZ rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
ACMON REG_SZ C:\Program Files\ASUS\Splendid\ACMON.exe
Wireless Console 2 REG_SZ C:\Program Files\Wireless Console 2\wcourier.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ABLKSR REG_SZ C:\WINDOWS\ABLKSR\ABLKSR.exe
RemoteControl REG_SZ "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
Power_Gear REG_SZ C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
IntelZeroConfig REG_SZ "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless REG_SZ "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
LogitechGalleryRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ APSHook.dll

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ mss
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ mss
AltDefaultDomainName REG_SZ NOM-8FC0C0A046C
DefaultDomainName REG_SZ NOM-8FC0C0A046C
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe REG_SZ C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe REG_SZ C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe REG_SZ C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe REG_SZ C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe REG_SZ C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]


Merci beaucoup de l'aide que vous m'apportez.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A95642E2-6FE6-4936-BFFE-129782D66384}: DhcpNameServer=86.64.233.85 109.0.64.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A95642E2-6FE6-4936-BFFE-129782D66384}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A95642E2-6FE6-4936-BFFE-129782D66384}: DhcpNameServer=86.64.233.85 109.0.64.243
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.85 109.0.64.243
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=86.64.233.85 109.0.64.243

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.nixud.com/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://www.cherche.us
Search Page REG_SZ http://www.cherche.us

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.orange.fr/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.cherche.us

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========


=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
64,73 Go total, 3,73 Go libre (5%), 25% fragmenté (fragmentation du fichier 45%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\AskBarDis
Present !! : C:\Program Files\Fast Browser Search
Present !! : C:\Program Files\SGPSA
Present !! : C:\WINDOWS\002744_.tmp
Present !! : C:\WINDOWS\DUMP7668.tmp
Present !! : C:\WINDOWS\kb913800.exe
Present !! : C:\WINDOWS\System32\*_.exe
Present !! : C:\WINDOWS\System32\__c00*.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\pc_*.dat
Present !! : C:\Documents and Settings\mss\Local Settings\Temp\~21.tmp
Present !! : C:\Documents and Settings\mss\Local Settings\Temp\~5A.tmp
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1038.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_103c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1044.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1078.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_107c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1270.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_14ec.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_15ac.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_15b4.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16a8.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16dc.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16e4.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16f0.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_44c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_540.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_5fc.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_92c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_c64.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d28.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d54.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d9c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_e5c.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_ecc.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_fc0.dat
Present !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\report.dat
Present !! : C:\Documents and Settings\mss\Local Settings\Temporary Internet Files\SuggestedSites.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit
Present !! : HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Present !! : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\Arrakis3.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\bdagent.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\bdreinit.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\bdsubwiz.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\bdwizreg.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\livesrv.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\seccenter.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\uiscan.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\upgrepl.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\vsserv.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"
Present !! : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Present !! : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
Present !! : HKCU\Software\AppDataLow\AskBarDis
Present !! : HKCU\Software\bisoft
Present !! : HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Present !! : HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 21:57:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:58:01,14


Et voila la deuxieme partie!

Kill'em by g3n-h@ckm@n 1.7.1.3

User : mss (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 23:34:00 | 19/04/2010
Today it's my birthday !!! :^)
Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
FW : BitDefender Pare-feu[ Enabled ]13.0.20

C:\ -> Disque fixe local | 64,73 Go (3,85 Go free) | NTFS
D:\ -> Disque fixe local | 43,14 Go (19,42 Go free) [DATA] | FAT32
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\DllHost.exe
c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\AskBarDis
Quarantined & Deleted !! : C:\Program Files\Fast Browser Search
Quarantined & Deleted !! : C:\Program Files\SGPSA
Quarantined & Deleted !! : C:\WINDOWS\002744_.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP7668.tmp
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\SynSvc_.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\__c0018BE.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\__c0029.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\__c004823.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_drugs.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_gambling.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_games.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_hate.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_illegal.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_im.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_news.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlinedating.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlinepay.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlineshop.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_pornography.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_regionaltlds.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_searchengines.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_socialnetworks.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_tabloids.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_video.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\pc_webproxy.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\Local Settings\Temp\~21.tmp
Quarantined & Deleted !! : C:\Documents and Settings\mss\Local Settings\Temp\~5A.tmp
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_103c.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1078.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_107c.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_1270.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_14ec.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_15ac.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_15b4.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16a8.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16dc.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16e4.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_16f0.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_44c.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_5fc.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_92c.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_c64.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d28.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d54.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_d9c.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_ecc.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\Perflib_Perfdata_fc0.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\LOCAL Settings\Temp\report.dat
Quarantined & Deleted !! : C:\Documents and Settings\mss\Local Settings\Temporary Internet Files\SuggestedSites.dat
Deleted !! : C:\RECYCLED\Dc1.url
Deleted !! : C:\RECYCLED\Dc10.mp3
Deleted !! : C:\RECYCLED\Dc11.ppt
Deleted !! : C:\RECYCLED\Dc12.odp
Deleted !! : C:\RECYCLED\Dc13.ppt
Deleted !! : C:\RECYCLED\Dc14.JPG
Deleted !! : C:\RECYCLED\Dc15.JPG
Deleted !! : C:\RECYCLED\Dc16.JPG
Deleted !! : C:\RECYCLED\Dc17.JPG
Deleted !! : C:\RECYCLED\Dc18.JPG
Deleted !! : C:\RECYCLED\Dc19.JPG
Deleted !! : C:\RECYCLED\Dc2.odt
Deleted !! : C:\RECYCLED\Dc3.odt
Deleted !! : C:\RECYCLED\Dc4.doc
Deleted !! : C:\RECYCLED\Dc5.url
Deleted !! : C:\RECYCLED\Dc6.url
Deleted !! : C:\RECYCLED\Dc7.url
Deleted !! : C:\RECYCLED\Dc8.mp3
Deleted !! : C:\RECYCLED\Dc9.mp3

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Deleted : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"
Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Deleted : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Deleted : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Deleted : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Deleted : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Deleted : HKCR\urlsearchhook.toolbarurlsearchhook
Deleted : HKCR\urlsearchhook.toolbarurlsearchhook.1
Deleted : HKCU\Software\AppDataLow\AskBarDis
Deleted : HKCU\Software\bisoft
Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.google.com/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

voila le rapport de fin de scan. Je relance l'option de findykill maintenant.

j'ai relancé l'option 2 de findykill et elle bloque TOUJOURS sur le meme fichier! Je desespere de le supprimer un jour....!!! je poste le rapport findykill avec l'option 1 :

############################## | FindyKill V5.038 |

# User : mss (Administrateurs) # NOM-8FC0C0A046C
# Update on 15/03/2010 by El Desaparecido
# Start at: 01:44:58 | 20/04/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
# FW : BitDefender Pare-feu[ Enabled ]13.0.20

# C:\ # Disque fixe local # 64,73 Go (3,82 Go free) # NTFS
# D:\ # Disque fixe local # 43,14 Go (19,42 Go free) [DATA] # FAT32
# E:\ # Disque CD-ROM

################## | Eléments infectieux |


################## | Registre |

[HKCU\Software\Local AppWizard-Generated Applications\key_generator]
[HKU\S-1-5-21-3168603327-1517592925-3570700814-1005\Software\Local AppWizard-Generated Applications\key_generator]

################## | Etat |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.038 ! |

Devrais je supprimer le fichier sur lequel il bloque?? Je ne comprend pas pourquoi il ne trouve aucun élément infecté mais le MSE est toujours non fonctionnel? Help :(

bah je n'en sais rien a vrai dire mais c'est ce que le rapport dit non??

ah d'accord merci c'est gentil. J'ai vraiment du mal à l'éliminer ce virus.... :(

mince :S Mais j'ai l'impression comme ça qu'il n'y a plus de virus car sur le résumé de recher il y a marqué aucun éléments infectés et mon ordinateur fonctionne correctement (excépté qu'il met du temps au démarrage je trouve... mais ce n'est peut etre qu'une impression) Mais on m'a dit sur ce post que mon ordi est encore infecté :S et c'est vrai que quand findykill analyse (option recherche ) sur l'écran de recherche je vois apparaitre "bagle: (et un nom de fichier) " plusieurs fois et pourtant apres sur le rapport: aucun éléments infectés. Comment ça se fait?

essaie de ne pas redemarrer le pc

salut Gen et melodiane

je sais où contacter le concepteur

je lui laisse un message immédiatement

D'accord je peux le laisser tourner longtemps mais là je crois qu'il va rester vraiment TRES longtemps... ou alors... comme c'est sur un fichier openoffice que ça bloque je peux désinstaller openoffice(et je le réinstallerai apres) non? En espérant qu'il ne bloque pas sur d'autres fichiers apres.

Oui non il n'y a rien à faire il reste vraiement coincé sur ce dossier zippé... Je voulais savoir: ce qui reste du virus est-il virulent? Puis je consulter mes comptes en banque par exemple et taper mes codes sans rien risquer?

c'est quoi ce dossier zippé ?

d'où l'interet de le shooter si pas utile..

salut GEN

hello mdg ^^

certes....

oulah... traduction : je supprime openoffice le temps de la suprression?

tu sais ce qu'il y a dedans dans ce dossier openoffice ?

bah apparement c'est des images types icones de oppenoffice . Je pense que je vais essayer de supprimer ce dossier et relancer voir ce que ça donne.

ok

fais ca et dis nous...

j'ai supprimer le fichier zip sur lequel il bloquait et j'ai relancé l'option 2 . Le problèm ec'est qu'à présent il bloque sur un AUTRE fichier zip (qui n'a rien a voir avec oppenoffice cette fois) comment faire??

D'accord je vais essayer ça mais avant je voulais préciser quelque chose qui m'inquiete: j'ai regardé le nom du fichier zip sur lequel il coince cette fois. Et le problème c'est que ce dossier n'existe pas ! il s'appelle :C/recycler/ [une suite je ne sais plus laquelle] mais je n'ai aucun dossier nommé "Recycler" dans mon disque C ... (et pourtant j'ai coché l'option montrer les fichiers et dossiers cachés) Comment ça se fait??

on va voir ca avec le prochain rapport attendu

voila le lien du rapport: http://www.cijoint.fr/cjlink.php?file=cj201004/cij8TPtRUB.txt

euh je fais les 3 ? ou bienje choisis un des 3?

(sourire)

non tu fais les trois et postes les rapports au fur et à mesure

je passe au 2eme

postes les rapports au fur et à mesure

############################## | UsbFix V6.106 |

User : mss (Administrateurs) # NOM-8FC0C0A046C
Update on 19/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:58:02 | 21/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
FW : BitDefender Pare-feu[ Enabled ]13.0.20

C:\ -> Disque fixe local # 64,73 Go (3,68 Go free) # NTFS
D:\ -> Disque fixe local # 43,14 Go (19,42 Go free) [DATA] # FAT32
E:\ -> Disque CD-ROM

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-3168603327-1517592925-3570700814-1005

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{40c44fcb-ab74-11de-aa8e-0018de884e3b}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b6fe3b19-6985-11de-aa24-0018de884e3b}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c8966374-0fd9-11de-a969-0018f371974c}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e51dd520-fce9-11dd-a941-0018de884e3b}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[21/09/2005 04:19|--a------|35] C:\ASUSDVD.LOG
[20/04/2010 00:41|--a------|4] C:\AUTOEXEC.BAT
[19/04/2010 13:06|--a------|21770] C:\bdlog.txt
[04/02/2009 12:16|-rahs----|209] C:\boot.ini
[24/03/2006 20:00|-rahs----|4952] C:\Bootfont.bin
[27/10/2006 09:28|--a------|869262] C:\ciam_install.log
[27/10/2006 09:28|--a------|43702] C:\ciam_install_1027-0928.log
[27/10/2006 08:52|--a------|0] C:\CONFIG.SYS
[27/10/2006 09:58|--a------|15610] C:\devlist.txt
[10/08/2006 19:41|--a------|524288] C:\F3Ja.BIN
[05/09/2006 05:23|--a------|7] C:\F3Ja_F3Jp.20
[30/08/2006 20:54|--a------|524288] C:\F3Jp.BIN
[27/10/2006 09:58|--a------|9] C:\Finish.log
[21/04/2010 21:25|--a------|1620] C:\FyK.txt
[?|?|?] C:\hiberfil.sys
[27/10/2006 08:52|-rahs----|0] C:\IO.SYS
[19/04/2010 21:58|--a------|39057] C:\List'em.txt
[16/02/2009 22:32|--a------|91] C:\LogiSetup.log
[27/10/2006 08:52|-rahs----|0] C:\MSDOS.SYS
[30/07/2009 22:18|--a------|90802] C:\MSIInstall.log
[04/11/2004 06:57|--a------|14] C:\NERO.LOG
[27/06/2005 01:32|--a------|10] C:\NIS_FRN.LOG
[24/03/2006 20:00|-rahs----|47564] C:\NTDETECT.COM
[28/04/2009 17:12|-rahs----|252240] C:\ntldr
[27/10/2006 09:35|--a------|909608] C:\nwe_install.log
[29/02/2004 17:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[27/10/2006 09:22|--a------|347] C:\RHDSetup.log
[27/10/2006 09:26|--a------|86] C:\setup.log
[27/10/2006 09:35|--a------|54567] C:\SHORTCUT_DEBUG_DELETE_Nero 6 Demo.txt
[27/10/2006 09:35|--a------|17492] C:\SHORTCUT_DEBUG_Nero 6 Demo.txt
[27/10/2006 09:35|--a------|18657] C:\SHORTCUT_DEBUG_Nero OEM.txt
[03/09/2006 21:56|--a------|3] C:\SP2B.TXT
[21/04/2010 22:05|--a------|3174] C:\UsbFix.txt
[16/05/2005 17:15|--a------|14] C:\XPMF2005.FRN
[25/09/2009 20:23|--a------|725448158] D:\tlmdily.up.by.radiant.avi
[10/02/2010 20:00|--a------|735340544] D:\Sherlock.Holmes.FRENCH.DVDSCR.REPACK.1CD.LD.XviD.avi
[27/02/2010 22:34|--a------|731842560] D:\Rocky.Balboa.FRENCH.DVDRiP.XviD-ROCKYBALBOA-ANGE.[emule-island.com].avi
[27/02/2010 23:22|--a------|736180896] D:\The_Patriot-FR-(Le_chemin_de_la_liberté)(Mel.Gibson)-(DivX502Pro-frronlro).[emule-island.com].avi
[01/02/2010 19:18|--a------|1469810688] D:\INTO.THE.WILD.DVDRIP.FR.VVF.COOLI.[emule-island.com].avi
[28/02/2010 19:08|--a------|731674624] D:\Little.Miss.Sunshine.FRENCH.DVDRiP.XViD-TuX-AceBot.[emule-island.com].avi
[28/02/2010 19:34|--a------|732209152] D:\Un.Homme.D'exception.TRUEFRENCH.DVDRIP.AC3.XVID-LcKtM.CD1.[emule-island.com].avi
[07/03/2010 20:53|--a------|732235776] D:\Fr - Le Chemin De La Liberté (Rabbit Proof Fence, 2003) - De Phillip Noyce Fr.avi

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_NOM-8FC0C0A046C.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.106 ! |

oui excusez moi je sais pas ce que j'ai fabriqué je pensais l'avoir posté. En élément supprimé on retrouve le fichier zip sur lequel il bloquait et que je ne trouvais pas

en ce qui concerne le deuxieme j'ai fait le nettoyage mais je ne retrouve pas le rapport :S :S

ça y est j'ai retrouvé le rapport! le voila:

======= RAPPORT D'AD-REMOVER 2.0.0.0,C | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 21/04/10 à 13:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:32:48 le 21/04/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
Nom du PC: NOM-8FC0C0A046C
Utilisateur actuel: mss (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\mss\binternet.exe
C:\Documents and Settings\mss\Menu Démarrer\Programmes\Ask Search Assistant
C:\Program Files\Ask Search Assistant
C:\Program Files\Search Guard Plus

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\AskBarDis
HKCU\Software\FBSearch
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FCB5F1FE-833E-44C8-B72B-2BE2603C2D8E}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\AskBarDis
HKLM\Software\Classes\AskIBar.PopSwatterBarButton
HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
HKLM\Software\Classes\AskToolBar.SettingsPlugin
HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
HKLM\Software\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Classes\ComObject.DeskbarEnabler
HKLM\Software\Classes\ComObject.DeskbarEnabler.1
HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E6BF614-677A-4a20-8E96-06799927D7B5}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
.
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
(Orpheline) HKLM,Uninstall - ATI Display Driver - C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean (Fichier manquant)
(Orpheline) HKLM,Uninstall - HP Document Manager - C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat (Fichier manquant)
(Orpheline) HKLM,Uninstall - HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat (Fichier manquant)
(Orpheline) HKLM,Uninstall - HPExtendedCapabilities - C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat (Fichier manquant)
(Orpheline) HKLM,Uninstall - Nero - Burning Rom!UninstallKey - C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL (Fichier manquant)
(Orpheline) HKLM,Uninstall - QcDrv - C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT (Fichier manquant)
(Orpheline) HKLM,Uninstall - Shop for HP Supplies - C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat (Fichier manquant)
(Orpheline) HKLM,Uninstall - SMSERIAL - C:\Program Files\Asus\Asus MiVo Messenger\uninstall.exe /mdm (Fichier manquant)
(Orpheline) HKLM,Uninstall - SynTPDeinstKey - C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall (Fichier manquant)
(Orpheline) HKLM,Uninstall - Windows Media Format Runtime - C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll (Fichier manquant)
(Orpheline) HKLM,Uninstall - {15262012-213A-4f65-9019-C8A409EC0156} - C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\setup\hpzscr01.exe -datfile hpwscr14.dat -forcereboot (Fichier manquant)
(Orpheline) HKLM,Uninstall - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall (Fichier manquant)
(Orpheline) HKLM,Uninstall - {2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC} - C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x40c anything (Fichier manquant)
(Orpheline) HKLM,Uninstall - {4462AD13-F2AA-4CBD-9F95-293C38EED870} - C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9 (Fichier manquant)
(Orpheline) HKLM,Uninstall - {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} - C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall (Fichier manquant)
(Orpheline) HKLM,Uninstall - {83F73CB1-7705-49D1-9852-84D839CA2A45} - C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly (Fichier manquant)
(Orpheline) HKLM,Uninstall - {89DDBCD4-B326-4545-9A05-26C7B16C1DEB} - C:\Program Files\InstallShield Installation Information\{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}\SETUP.EXE" -l0x9 (Fichier manquant)
(Orpheline) HKLM,Uninstall - {9D48531D-2135-49FC-BC29-ACCDA5396A76} - C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\SETUP.EXE" -l0x9 (Fichier manquant)
(Orpheline) HKLM,Uninstall - {9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1 - C:\Program Files\Driver Robot\1.1.0.14\unins000.exe" (Fichier manquant)
(Orpheline) HKLM,Uninstall - {B7050CBDB2504B34BC2A9CA0A692CC29} - C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN (Fichier manquant)
(Orpheline) HKLM,Uninstall - {C0FC1C14-4824-4A73-87A6-9E888C9C3102} - C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe" -l0x9 -removeonly (Fichier manquant)
(Orpheline) HKLM,Uninstall - {CB099890-1D5F-11D5-9EA9-0050BAE317E1} - C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall (Fichier manquant)
(Orpheline) HKLM,Uninstall - {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 - C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" (Fichier manquant)
(Orpheline) HKLM,Uninstall - {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 - C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" (Fichier manquant)
(Orpheline) HKLM,Uninstall - {D83899AB-9964-4CFC-A246-F1BD430A455F} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D83899AB-9964-4CFC-A246-F1BD430A455F} (Fichier manquant)
(Orpheline) HKLM,Uninstall - {DE10AB76-4756-4913-BE25-55D1C1051F9A} - C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9 (Fichier manquant)
(Orpheline) HKLM,Uninstall - {E657B243-9AD4-4ECC-BE81-4CCF8D667FD0} - C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9 (Fichier manquant)
(Orpheline) HKLM,Uninstall - {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} - C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly (Fichier manquant)
(Orpheline) HKCU,Uninstall - Notification de cadeaux MSN - C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe /remove (Fichier manquant)
.
============== SCAN ADDITIONNEL ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\mss\LOCALS~1\Temp: 9 Fichier(s), 48 Dossier(s)
C:\WINDOWS\temp: 3 Fichier(s), 71 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 58 Dossier(s)
.
C:\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Ad-Remover\Backup: 12 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 10263 Octet(s)
.
Fin à: 22:48:36, 21/04/2010
.
============== E.O.F - CLEAN[1] ==============

voila celui de malware:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 4017

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/04/2010 01:10:55
mbam-log-2010-04-22 (01-10-55).txt

Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 214702
Temps écoulé: 1 heure(s), 23 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0055943.exe (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0055891.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0055923.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0055955.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0057128.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP234\A0057175.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP235\A0058295.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP235\A0058323.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP235\A0058368.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP236\A0058445.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP236\A0058471.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP237\A0058497.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B93794E5-AE09-405E-A085-05685DC1DD2F}\RP237\A0058540.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\UsbFix\Tools\sed.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\FyK\Quarantine\C\Documents and Settings\mss\Application Data\drivers\winupgro.exe.FindyKill (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\FyK\Tools\sed.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

############################## | FindyKill V5.038 |

# User : mss (Administrateurs) # NOM-8FC0C0A046C
# Update on 15/03/2010 by El Desaparecido
# Start at: 03:13:42 | 23/04/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : BitDefender Antivirus 13.0.20 [ Enabled | Updated ]
# AV : avast! antivirus 4.8.1368 [VPS 000000-0] 4.8.1368 [ (!) Disabled | (!) Outdated ]
# FW : BitDefender Pare-feu[ Enabled ]13.0.20

# C:\ # Disque fixe local # 64,73 Go (5,32 Go free) # NTFS
# D:\ # Disque fixe local # 43,14 Go (19,42 Go free) [DATA] # FAT32
# E:\ # Disque CD-ROM

################## | Eléments infectieux |


################## | MD5 ... |


################## | CRC32 ... |


################## | Registre |

Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\key_generator]

################## | Etat |

# Mode sans echec restauré !

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Fichiers corrompus |

... OK !

################## | Upload |

Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_NOM-8FC0C0A046C.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # FindyKill V5.038 ! |




YES! je crois que cette fois-ci c'est bon! OUF! merci pour votre patience à m'aider en tout cas!

voila: http://www.cijoint.fr/cjlink.php?file=cj201004/cijt3XVPAF.txt

"si le PC va bien" ?? j'espere que ce que je dois faire avec ZHPfix ne risque pas de le planter^^ Il reste quelques traces de bagle concernant mon antivirus si je comprend bien c'est ça?

on finit de réactiver tes défenses

voila le rapport

ZHPFix v1.12.3091 by Nicolas Coolman - Rapport de suppression du 23/04/2010 19:01:47
Fichier d'export Registre : C:\ZHPExportRegistry-23-04-2010-19-01-47.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
HKCU\Software\AskSearchAsst => Clé supprimée avec succès
HKCU\Software\TBSB07183 => Clé supprimée avec succès

Valeur du Registre :
O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org => Valeur absente

Elément de données du Registre :
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified => Donnée supprimée avec succès
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Donnée supprimée avec succès

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 2
Valeur du Registre : 1
Elément de données du Registre : 2
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan


JE passe à hijackthis

voila le rapport hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:49, on 23/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ZHPDiag\ZHPDiag.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\mss\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

je ne retrouve pas dans le scan le lien surligné en bleu

ah c'est bon j'ai retrouvé excusez moi. maintenant je poste le compte rendu de suppression java:

avaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Apr 23 22:18:55 2010

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\mss\Application Data\Sun\Java\jre1.6.0_07

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

okay c'est bon j'ai purger la restauration, mis a jour adobe et retirer tout ce que j'avais installé avec le nettoyeur de tools et manuellement pour ce qui n'a pas été nettoyé (catchme par exemple) . Je prends en note les conseils pour l'avenir:) Merci beaucoup en tout cas!!!

ah encore une chose: j'ai laissé malwarebytes et je vais le laisser. Par contre il reste findykill et quand je fais option 4 >> désinstaller il ne se désinstalle pas? Il me reste aussi dans le disque C un dossier nommé "kill"em" . je supprime?